The massive data breaches that have hit the headlines in recent years, including Yahoo, Verizon, and particularly Equifax, have taken a toll on breach victims, consumers, and corporations. We’ve seen stocks drop precipitously, class-action lawsuits filed, CEOs shown the door, and executives called before Congress. This year, breaches could be even more costly for companies once the European Union’s General Data Protection Regulation (GDPR) rules are in place come May 25.
The rules require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and also regulate the exportation of personal data of those consumers outside the EU. Penalties include fines of more than $27 million, or 4% of revenue, whichever is greater. GDPR will apply to any company that processes the data of EU citizens, regardless of where the company is based. Given the global nature of Internet commerce, its impact will be far-reaching.
Organizations are under the gun to get systems in place now to ensure that they are in compliance with the regulations, before it’s too late.
Read which six key measures enterprises should prioritize over the next few months in their efforts to comply with the GDPR rules, on DarkReading.