The Meaning and Impact of the General Data Protection Regulation
An Executive FAQ on the General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR) will substantially impact any company that sells to EU residents, or “monitors” the behavior of EU residents. Compliance will require significant changes in how companies collect, store, process, share, and transfer personal data. Failure to comply carries very high fines, as well as the possibility of consumer class-action lawsuits and the threat of imprisonment for responsible executives.
The GDPR authorizes data protection authorities to impose fines that are “effective” and “dissuasive.” That is, the fines are meant to be painful, in order to discourage repeat offenses. At the highest level, authorities may fine companies 20 million euros or 4% of their global turnover, whichever is greater. (By way of illustration, 4% of Google’s 2015 global turnover is about $3 billion.)
Firms must be fully prepared when the law goes into effect on May 25, 2018, because the grace period is now. An adequate response requires C-level and board-level attention and involvement immediately.
This paper provides an executive FAQ about the General Data Protection Regulation and the essentials of compliance. If you’re interested in better understanding how the GDPR impacts your organization specifically, please contact us.