GDPR(EU)
THE GENERAL DATA PROTECTION REGULATION
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties crossing tens of millions of euros.
Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it – and those people often have malicious intent.
Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.