General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), enacted in May 2016, provides for the regulation and increased enforcement of privacy and security controls over personally identifiable information in the EU. The GDPR reaches the activities of businesses and organizations outside of the EU when they do business within the EU. Specifically, the GDPR applies to organizations outside of the EU that offer services or goods in the EU to “data subjects.” The deadline for GDPR compliance, and the date on which enforcement of the penalties associated with non-compliance goes into effect, is May 25, 2018. Under the GDPR, penalties for non-compliance can be as high as the greater of €10-20 million or 2-4% of global revenue, depending on aggravating factors.