The European Union’s General Data Protection Regulation (GDPR) goes into effect in just two months. Designed to ensure that organizations protect the personally identifiable information of individuals, this new set of rules is the most important data privacy change in two decades, according to the EU’s own GDPR web portal. While much of the responsibility for adherence falls to compliance and information security professionals, IT leaders must also understand the impact of GDPR – not only the requirements and risks associated with non-compliance, but also the resulting changes in data collection and governance.
In order to adhere to GDPR requirements, companies must figure out all the ways they gather and store the personally identifiable information of EU citizens, says Eric Simonson, managing partner with management consultancy Everest Group.
