On May 25, 2018, the General Data Protection Regulation (GDPR), one of the most far-reaching global privacy laws in decades, will take effect. When it does, it will place a huge responsibility upon any business that handles the personally identifiable information of any EU citizen, regardless of where that data is processed.

Backed by the European Parliament, the Council of the European Union, and the European Commission, the GDPR gives data subjects (i.e., customers, employees, and contractors) the right to demand to know what data a business has on them, to request that the data be passed to a competitor, or to demand that the data be deleted. For any business that gathers or processes personal data, this law is huge; failure to comply with it could result in significant fines, civil penalties, and additional compliance costs totaling as much as four percent of annual turnover. Plus, European regulatory authorities retain the power to intervene operationally against companies not in compliance with the GDPR, including halting all information processing immediately. For some companies, this would mean essentially shutting down the entire operation.