The General Data Protection Regulation (GDPR) is a set of privacy rules that apply to any entity that handles the personal data of customers in the European Union (EU). GDPR goes into effect on May 25th, 2018.
GDPR's requirements include the following:
- the right to easy access to one’s own personal data;
- the right to secure data protection by design and by default;
- the right to data portability, or the ability for customers to move their data between companies easily upon request;
- the right to know when one’s data has been compromised or breached;
- the right to be forgotten, i.e. the ability to have one’s personal data deleted if there is no legitimate reason to retain the data.
The maximum penalty for GDPR non-compliance is 20 million euros or 4% of worldwide turnover, whichever is greater.
More information about GDPR is available at www.eugdpr.org and ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.
Microsoft has published its own GDPR compliance guide and best practices at www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.
Google has documented its own commitment to GDPR.
Residents of Australia are covered under the Australia Privacy Act.