If you haven’t seen or heard the acronym, the General Data Protection Regulation is a new law that enables citizens and residents of the European Union to control their online data.
It is enforceable on May 25, 2018.
Despite a 2-year grace period for businesses to create implementation plans, 61% of U.S. businesses and 67% of European businesses are unprepared.
This is important because the law is explicit that noncompliant companies which pose a risk to EU citizens and their privacy may be fined up to 20 million Euros ($25.5 million U.S. dollars) or 4% of their annual global turnover, whichever is higher. Each fine is per violation.
Imagine you’re a U.S.-based business, or anywhere in the world, whether a brick and mortar store, an internet shop, or a sole proprietorship. If you don’t sell products or services to European customers, you might not be liable. But if you have a website that a European resident could potentially visit, then you’re liable. More on that here.
Kickstarter goes further showing a comparison of what used to exist and what was changed. Take a look.