What: Comprehensive regulation applicable to businesses that handle personal data of EU citizens. The General Data Protection Regulation (GDPR) replaces the EU’s 1995 Data Protection Directive.
Who: GDPR will affect companies all over the world, not just those in the EU. Some entities, depending on the amount and type of data they collect from EU citizens, will be required to appoint a data protection officer. GDPR also establishes requirements regarding notification of data breaches and obtaining consent from customers. Failure to comply could trigger large financial penalties: €20 million or 4% of annual global revenue.
When: GDPR becomes enforceable 25 May 2018.