ABSTRACT

This introduction presents an overview of the key concepts discussed in the subsequent chapters of this book. The book looks at both European Union (EU) and non-EU organizations and explains how to comply with the General Data Protection Regulation (GDPR) without necessarily having to change the way that a whole organization operates. When considering the risk of litigation, those organizations that are based in the US and are in scope for the GDPR should be particularly wary. Given the high degree of non-compliance and lack of readiness, as well as the prevalence of a litigious culture, there is potentially a perfect storm in the USA which could lead to many organizations being fined directly by regulators or taken to court by individuals and non-business groups. The GDPR was passed in the 28 member countries of the EU on 14 April 2016 and came into force 20 days later. There was then a two-year transition period to give organizations time to comply with the requirements.