In response to the need for greater data privacy and protection, the European Union (EU) enacted the General Data Protection Regulation (GDPR) to govern the collection, processing, use, and storage of personal data originating in the EU whether it be from an EU citizen, resident, or visitor. The regulation represents the most significant data privacy and protection regulation ever enacted. GDPR applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location.
The GDPR became effective May 25, 2018. Penalties for noncompliance are significant. Organizations in breach of GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).