The European Union’s General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, guarantees the right of individuals to be in charge of their own data and how it is used. It holds those who collect and use personal data—including employers—accountable for abiding by specific principles and practices. Companies must document their ongoing efforts to comply with GDPR and can be fined up to €20 million ($US 23.9 million) or 4 percent of their annual revenues, whichever is greater, for failing to meet the new standards. GDPR applies not only to EU companies but to any company outside the EU that stores or processes any personal data about individuals in the EU.
This Executive Summary is exclusive to members of The Conference Board.
For information about membership click here.