Should U.S. companies be GDPR compliant? The short answer is yes. The General Data Protection Regulation (GDPR) is the European Union’s (EU) strengthened data protection rule covering all citizens of the EU, no matter where they are located in the world. Taking effect on May 25th, 2018, the law aims to give control of personal data back to the individual and to place restrictions on ‘hosters’ and ‘processors’ of that data.
While enforcement of the GDPR is still under debate, this is not a compliance program to be ignored by anyone outside of the EU. If you are an organization that happens to have the name, address and any other data point of a person from the EU in your data logs, you need to prove compliance, or face stiff fines.
By Ed Gorczyca, Chief Compliance Officer, Optimal IdM