General Data Protection Regulation (GDPR)

On April 14, 2016, the European Union Parliament passed the General Data Protection Regulation (GDPR), a complex set of new data privacy rules with major implications for businesses. GDPR addresses the collection and processing of EU citizens' personal data outside of the EU.

 

Even if a business does not collect personal data from EU citizens, the GDPR requirements apply to that business if it provides services to another business that must comply with GDPR.

Failure to comply with the regulations can result in fines of up to €20 million or 4 percent of global annual revenue in the prior year.