The General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to personal data, including how a company handles and manages data, such as collecting, storing, using, and destroying data.
While many of the principles of this regulation build on current EU data protection rules, the GDPR has a broader scope, more prescriptive standards, and substantial fines. For example, it requires a higher standard of consent for using some types of data and broadens individuals' rights for accessing and transferring their data. Failure to comply with the GDPR can result in significant fines — up to 4% of global annual revenue for certain violations.
In preparation for GDPR, we have put together an internal team to stay ahead of the processes, practices, and work needed to be compliant. For more information, you can review https://www.givepulse.com/gdpr