The European Union’s General Data Protection Regulation (GDPR) is scheduled to come into effect in May of 2018. While this is a regional regulation, the nature of today’s interconnected economies means that it has global implications. GDPR clearly establishes the rights of EU citizens to control their personal data, while imposing new responsibilities on organizations to protect that data.
New protections for personally identifiable information (PII) include an individual’s right to explicitly approve the usage of their personal data, as well as the “right to be forgotten,” which enables individuals to demand that an organization purge any personal data about them. In addition, GDPR imposes a requirement that organizations publicly report any data breaches impacting EU persons within 72 hours of their discovery.