The EU’s General Data Protection Regulation (GDPR) went into effect in May, requiring all organizations that handle the data of EU citizens to comply with its provisions regarding collecting and using personal data. However, a majority of companies likely missed the compliance deadline, and many employees remain unaware of the policies needed to keep data safe.
“Data privacy is a hot topic with GDPR going into effect,” said Dave Rickard, technical director at CIPHER Security. “An awful lot of companies may not think they have exposure to it, but there are lots of variables in that.”
For example, one online retailer Rickard works with has many customers from the EU, but can’t geolocate them from the website. Others don’t work with EU citizens, but have data processing and storage facilities there, which are also subject to GDPR.
GDPR will likely influence data privacy policies in other countries, Rickard said. However, cultural differences, particularly between the EU and US, may make this difficult.