In just under one year, the European Union’s General Data Protection Regulation (GDPR) will formally begin being enforced.
The statute requires any company, or entity, that handles personal data belonging to EU residents to comply with a broad set of requirements for protecting the privacy of that data. Significantly, GDPR vests EU residents with considerable control over their personal data, how it is used, and how it is made available to others. Under the statute, data subjects are the ultimate owners of their personal data, not the organizations that collect or use the data.
Companies that fail to comply with GDPR requirements can be fined between 2% and 4% of their annual global revenues or up to €20 million – which at current rates works out to just under $22.4 million USD – whichever is higher.
Read more at Dark Reading