The General Data Protection Regulation (GDPR) will have a dramatic effect on the way that organisations deal with the data of customers, employees and others. Set to come into effect in May 2018, GDPR means every business, government and public sector entity that touches European Union residents’ data will need to rethink their data management approaches in order to stay compliant and thereby avoid massive new fines and bad publicity. It also applies to organisations that host in the EU, regardless of the end user or the user’s location.
Organisations of all sizes need to start planning now in order to put processes in place. This document is intended as a no-nonsense guide to GDPR, covering its background, key rules, penalties and best practice for dealing with this historic milestone in data protection. It is intended primarily for a non-specialist audience involved in IT, security and C-level roles.