It’s hard to believe that we’re now less than one year out from implementation of a major change to data protection laws in Europe: The General Data Protection Regulation, or GDPR. It is the result of four years’ work by the European Union (EU) to standardize privacy laws and protect residents of the EU from the misuse of their personal data and data breaches in an increasingly digital world.
Most of the personal data protection laws in the EU haven’t been updated since the 1995 Data Protection Directive. In 1995, only one percent of the European population was using the Internet. Now, not only is the majority of the global economy digital, but many companies are operating globally and processing personal data across borders. The EU Parliament established the GDPR framework as a way to update and harmonize the laws specific to the usage of millions of individuals’ data.
With these regulations that take effect on May 25, 2018, come a number of major implications that reach beyond the borders of the EU’s 28 member countries. In fact, any company that stores, processes or touches data coming from Europe will need to comply with GDPR. A recent survey by Compuware® found 52 percent of large U.S. companies acknowledge that they possess EU customer data, which means they’ll need to comply with GDPR even though they are based in the United States.
Want to learn more? Check out these two valuable resources that provide key information on the GDPR:
- Read this article by ADP’s Cecile Georges in Corporate Compliance Insights
- Register for the upcoming webcast on September 12th:Workplace Compliance Spotlight: What Employers Need to Know About The General Data Protection Regulation (GDPR)