What is GDPR?
GDPR establishes the many measures organizations must take to protect personal data belonging to residents of the EU. These measures include (but are not limited to): understanding what personal data an organization handles and where this data resides; performing risk assessments to gauge an organization’s exposure to accidental or unlawful loss of this data; implementing various technical and organizational controls to protect personal data; and appointing a chief data protection officer charged with overseeing GDPR compliance.
GDPR applies to any organization that handles or processes personal data belonging to EU residents. It establishes strict breach disclosure requirements, and when enforcement begins on May 25, 2018, will impose stiff fines for non-compliance.