The General Data Protection Regulation (GDPR) came into force on May 25th. If you do business in the European Union (EU), this likely impacts you.
Even if you are not in the EU, you have likely received a number of emails lately about providers changing their terms of service due to EU regulatory changes. The GDPR is an important EU regulation that sets requirements for the processing of personally identifiable information of data subjects inside the European Union.
Previously, the collection of personally identifiable information was not covered as strongly by existing regulations. With the GDPR in force, you are liable for large fines for non-compliance if you are doing business in the EU.
Data breach regulations are becoming more common worldwide, and the regulatory landscape is definitely shifting with regard to personally identifiable data. With the GDPR and various other regulations coming into force, it is becoming more and more valuable to have well-planned and well-engineered systems when personal or sensitive data is involved.
We suggest that you put serious thought into how you are using data in both a business and technical capacity.
If you are handling sensitive data, it is worth having a policy in place for preventing and handling data breaches.
This has been a fairly controversial and highly debated regulation. The reactions from different companies and organizations have been quite diverse.
Some companies that do not have any EU customers have taken the step to completely block the EU from using their services because they have judged that the cost of compliance is too high for them.
Other companies have overhauled internal systems to make sure that their services are in compliance with the new regulations.
What is best for your organization will depend fairly heavily on the nature of your business and what geographical areas you are doing business in.