First of all, some basic facts about the General Data Protection Regulation (GDPR). If you haven’t heard about it, you should now pay attention and get some further information by visiting http://www.eugdpr.org/ or https://dsgvo.tips (for German readers). The GDPR will affect everybody working with personal data and is one of the major aspects of Human Data Responsibility (HDR).
The enforcement date of the GDPR is 25th May 2018. So you have a little over one year to introduce the new rules to your company.
There will be extremely heavy fines for organizations that don’t work within the law. These can be up to 4% of the global annual turnover or 20 Million € (whichever is greater).
The rules affect every organization working with personal data of citizens of the European Union. So this is a worldwide topic.
I also want to point out that IMHO the GDPR is a good thing. It is historically based on the CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION from the year 2000 (http://www.europarl.europa.eu/charter/pdf/text_en.pdf), where the protection of personal data (Article 8) is on the same level as Human Dignity (Article 1), the Right to life (Article 2) or Freedom of thought, conscience and religion (Article 10). …