• General Data Protection Regulation (GDPR) encompasses data gathered and processed on “data subjects” residing within the European Union (EU). Data subjects do not need to be EU citizens for the regulation to apply.
  • The regulation applies to any organization controlling or processing data from EU data subjects, regardless of whether the business is located in the EU.
  • Under GDPR, data subjects have the right to access the data captured on them, the right to correct it, the right to request that the data be erased and the right to obtain a portable copy that can be transferred to another entity.
  • With its focus on unified data governance, the process of GDPR compliance can transform the business in terms of data insights, improved practices and enhance trust with customers and colleagues.
  • The penalty for noncompliance is the greater of either 20 million euros or 4 percent of annual revenues.