GDPR Compliance with the EU's New Privacy Regulation?
The EU GDPR is a regulation that lays down rules relating to the protection of EU Personally Identifiable Information (PII); it covers the processing of personal data and the rules relating to the free movement of personal data. The impact of the GDPR (General Data Protection Regulation) and its compliance mandate is that a broad set of companies need a new personal privacy protection process. GDPR Compliance is required by May 25, 2018.
Unlike other privacy laws that focus on Sensitive Private Information (SPI), GDPR covers any personally identifiable information.
GDPR is a regulation, not a simple directive, and it carries the force of law. It must be applied in its entirety across the EU. The regulation also applies to organizations located outside the EU (such as in the U.S.) that offer goods or services to, or monitor the behavior of, data subjects in the EU. About two thirds (2/3) of U.S. companies think that this regulation will apply to them.
The reality is that this regulation applies very broadly: to any company that gathers personal data (not just private data) and processes it, for example through website “contact us” forms, e-commerce information, or social platforms, and to commonly collected personally identifiable data such as user email addresses, phone numbers, postal addresses, cookies, and IP addresses.
Compliance is enforced by fines of up to 4% of worldwide annual revenue or 20M Euros, whichever is higher.