The General Data Protection Regulation (GDPR) has been in the making for a few years. It was put together by the European Union to enhance data protection rights for EU citizens and to harmonize data protection laws across all 28 EU member states. GDPR is EU law as of May 25, 2018, and there are potentially very large fines for organizations that suffer a data breach. GDPR applies to all organizations that process personal data for EU citizens, regardless of which country the organization operates in. Yes, that means American businesses, too.
Organizations were given plenty of notice to prepare for GDPR. In fact, they had two years, as the EU committed to GDPR back in 2016. Yet recent audits and discussions with mainframe customers show that many organizations are still falling short of GDPR requirements.
Read on for more information about GDPR breaches from Jamie Pease, CISA, CISM, CISSP, CITP, MBCS, Principal Security Consultant at RSM Partners.