GDPR is a sweeping new EU privacy regulation that has extensive implications for U.S. firms too. In May 2018, a new regulation comes into force in Europe. Many have heard of the EU’s General Data Protection Regulation (GDPR), but one thing isn’t as well known: it affects U.S. companies, too. Mark Sangster, VP and Industry Security Strategist at cyber security company eSentire commented below.
Mark Sangster, VP and Industry Security Strategist at eSentire:
“Any organization serving EU residents and handling any of their personal data is subject to the rules, which significantly raise the bar for privacy, and could be a rude wake-up call for many on this side of the Atlantic. For the first time, national data privacy officers can impose harsh penalties on violators. The top tier of offenders can pay the greater of €20 million, or 4% of their global revenue.”
U.S. companies dealing with EU citizens have little time to lose. Because GDPR is a regulation rather than a directive, it will apply at once, rather than allowing time for individual countries to interpret into national law. Mark suggests that companies gather together their legal counsel, software developers, information architects, and human resource managers, as there’s plenty of work here for everyone.