When the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, companies doing business in the EU will face a much higher bar for data security compliance. Here are some key requirements you need to know:

• GDPR applies to all companies that process personal data of people who live in the EU, even if the company itself is outside the EU.
• Data subjects must be given more information when their data is collected.
• Both consent and explicit consent now require clear affirmative action, and individuals can revoke their consent to data processing at any time.
• The minimum age for individuals whose data can be collected is rising from 13 to 16.
• Organizations must delete data that is not being used for its original purpose.
• Organizations have 72 hours to notify regulators of data breaches that pose a risk to data subjects.
• There is a single national office for complaints.
• Large data controllers must appoint a data protection officer.
• Proven noncompliance carries a penalty of up to roughly $24.5 million, or 4% of total global annual turnover for the preceding financial year.

If you’re still not ready to meet the GDPR’s data privacy standards, contact us.