Who is impacted?
Any company that stores or processes personal information of or about a citizen of the European Union must comply with GDPR. This applies whether or not the company has a presence in the EU.

Key takeaways
GDPR places a heavy emphasis on maintaining control of data and the ability to track and digitally account for data within 72 hours of a breach.
Penalties
Violations can result in fines of up to $20 million U.S. Dollars or 4% of an organization’s global annual revenue (whichever is greater).
Additional GDPR mandates
  • Institute risk-averse processes and a Cyber Security Framework that addresses secure data destruction
  • Appoint a Data Protection Officer (DPO, for companies handling data on a ‘large scale’) responsible for implementing secure processes
  • Destroy data within the four walls of the organization, as GDPR explicitly requires that organizations always maintain control of their data
White Paper | May 2020