Stolen personal data drives a thriving global black market for cybercriminals. Personal data is typically defined as any data that can be used to identify an individual, which makes every organization that collects information such as passwords, credit card numbers, health information or addresses a prime target for cybercriminals. Not surprisingly, data breaches have accounted for nearly 6 billion stolen data records globally since 2013.
In response to this increasing threat, the European Commission put forward the General Data Protection Regulation (GDPR), which has since been accepted by the European Parliament and Council and becomes law on May 25, 2018. The GDPR replaces the 20-year-old Data Protection Directive, strengthens many of the Directive’s original clauses and sets a higher standard for the protection of EU residents’ personal data.
If your organization collects or processes the personal data of EU residents, you are subject to the GDPR whether or not you have a physical presence in the EU. Under the GDPR, the loss of data due to a lack of adequate policies and protection measures can result in fines of up to 4% of corporate annual worldwide turnover or up to €20 million.