The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The new mandates include:
• Cyber security & data breach notification obligation
• Mandatory data protection officer requirement
• Customer consent
• Cross-border data transfer rules
• Customer profiling rules
• Data portability
• Vendor management
• Code of conduct
The consequences can be severe: GDPR authorizes regulators to levy remarkably steep fines in amounts exceeding 20 million euros or four percent of annual global turnover (whichever is higher).