ABSTRACT

Fifty-two percent of US businesses process EU citizen data and are in scope for the GDPR. 1 Ninety-two percent of US multinational companies have identified compliance with the General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between US$1 million and US$10 million for GDPR readiness and compliance efforts, with 9% expecting to spend over US$10 million, says Jay Cline, PwC's US privacy leader. 2 In fact, a MediaPro survey found that 54% of US companies have made GDPR readiness a top focus for 2018. Surprisingly, the General Data Protection Regulation, set to be enacted on May 25, remains unfamiliar to many professionals working in these companies. 3

The European Union's General Data Protection Regulation (GDPR) and California's Consumer Protection Act (CCPA) are the newest regulations that require a digital asset approach to ensure that the systems that process privacy data have sufficient integrity and confidentiality.

When putting together a privacy program, one has to consider all of the compliance regulations that apply. Best practice is to adopt the most stringent aspects of the applicable laws into one compliance program. Therefore, considering the number of companies in scope for the GDPR, there will be considerable focus on the GDPR requirements.

In terms of privacy, this book focuses on the more prescriptive of the two regulations. CCPA is fairly new; GDPR, however, took over five years to enact and is now being enforced en masse. In this chapter, we will look at terminology and privacy impact assessment, and explore a case study.