As most are well aware, the General Data Protection Regulation (GDPR) has created a new data security standard aligning the current member state legislation across the European Union (EU). This goes not only for citizens but for visitors and immigrants as well, and for any company that retains EU customer data. Any organization (including any third party receiving this data through the normal course of its operations) that offers goods or services, or whose activity monitors the behavior of individuals in the EU, will be subject to GDPR, whether it resides and processes data within the Union or not. https://www.compliancejunction.com/gdpr-for-us-companies/
The GDPR deadline for all U.S.-based multinational enterprises doing business in the EU is May 25, 2018. Gartner research has predicted that only 50% of companies impacted by this regulation will be compliant by the end of 2018. All non-compliant companies face hefty fines of up to €20 million or 4% of global annual revenue, whichever is greater.
Data Protection Officers (DPOs) will be required where the core activities of the controller or processor involve large-scale processing of special categories of sensitive personal data, e.g., religious or philosophical beliefs, political opinions, racial or ethnic origins, biometric and genetic data for the purpose of uniquely identifying a natural person, or data concerning health.