Living in GDPR’s World

Living in GDPR’s World
The EU’s General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, will directly impose a uniform data protection regime on all EU member states. But GDPR also applies to non-EU companies that process personal data of EU data subjects—i.e., any natural person whose personal data is processed by a controller or processor—including many, increasingly global, U.S. companies. Designed to “harmonize” data privacy laws across Europe as well as give greater protection and rights to individuals, the driving principle behind GDPR is that any data that specifically relates to a person belongs to that person—not to the organization creating, holding, or processing it. Failure to comply with GDPR could expose organizations to fines of up to 4% of annual global revenue or €20 million, whichever is greater.