Where’s the impact? That’s the question many are asking as the EU General Data Protection Regulation (GDPR) continues its phase-in process. The GDPR, set forth by the European Commission, is intended to strengthen and unify data protection for EU residents.
By extending the scope of the EU data protection law to apply to all foreign companies processing data of EU residents, the law is intended to help non-European companies better comply with the data protection regulations.
But oh, the risks that come with such change. To start, companies will be required to maintain documentation to show compliance. Also, clear consent must be proven before personal data is processed. Then there’s the data protection impact assessment, another requirement. Plus, companies will be expected to employ a data-protection-by-design methodology.
These requirements, among others, apply to businesses of all sizes.