The EU's General Data Protection Regulation (GDPR) is set to go into effect on May 25. It will dramatically change current data privacy laws throughout Europe, strengthening the protection of personal data.
If they want to avoid hefty penalties, companies that conduct business in the EU—or even process personal data originating from the EU—need to ensure their business practices adhere to the new law's strict guidelines.
However, according to a recent report by Forrester Research, only about one-third of global companies say they are prepared for GDPR. Many have not yet completed the required work, which includes a data discovery process, data classification, data flow maps, and impact assessments—all of which will evolve their operating model toward privacy by design and by default.
One of the most important factors for companies to consider is GDPR's expanded definition of what is considered personal data. Under the previous regulations, for example, information such as age, race, gender, geographic location, and job title was protected because it could be used to identify a specific person.