The internet is about to undergo a major regulatory overhaul.
On May 25, the General Data Protection Regulation (GDPR) — a set of data-handling rules put forth by European Union regulators — will go into effect. The new rules require all organizations — from local governments to giant corporations like Google and Facebook — to take special precautions to protect the personal data and privacy of EU citizens. Any company that has even a single client in the EU will be subject to the rules, meaning the implications reach far beyond the continent and will create changes affecting all internet users.
“Every large organization is global today,” said Rishi Bhargava, co-founder of security company Demisto. “Any rule that is applied in Europe will have an effect to US citizens too.”
With high penalties at stake, companies are scrambling to comply. If they don’t, they will be fined €20 million ($24.5 million) or 4% of their global annual revenue, whichever is higher, for each infraction. U.S.-based internet giants with users around the world, including Facebook, Google and Twitter, will be subject to the rules, making the potential fines hefty. With Facebook’s annual revenue at $40.7 billion, for example, a single infraction — not warning users how their data is being used, for instance — could cost the company $1.6 billion.
This is good news for consumers, said Michelle Dennedy, chief privacy officer at Cisco, comparing it to the first rules regulating children’s toys or medicine. “GDPR is not the end,” she said. “It is the beginning of the era in which we start to value personal data.”
Although GDPR is meant to apply to citizens of the EU, the changes will likely affect most Americans, said Hilary Wandall, chief data governance officer at TrustArc, a privacy consulting company based in San Francisco and London that works with companies like IBM and Google ...