The General Data Protection Regulation (GDPR), which comes into force on the 25th of May 2018, is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the EU.
The two stated main objectives are to give citizens back control of their personal data and to simplify the regulatory environment for international business. The GDPR also addresses the export of personal data outside the EU. This means that if a company based outside the EU processes personally identifiable information of European residents, the Regulation still applies to it.
To summarize, GDPR has a wide reach and is applicable to:
The GDPR supersedes all previous national legislation relating to data privacy, even in the case of the UK, which has confirmed its intention to abide by it. Although the GDPR introduces a number of important features to the data privacy space, its most striking aspect is the extraordinary financial penalties reserved for non-compliant businesses. At the top of the range, serious offenders can expect fines equivalent to 4% of their annual global revenue or €20 million, whichever sum is greater.