The General Data Protection Regulation (GDPR) is the most stringent data privacy and security law passed by the European Union (EU); it came into effect on May 25, 2018. GDPR fosters uniform data protection within the EU. However, the scope of the regulation extends beyond the EU to all organizations that offer goods or services to EU citizens or handle the Personally Identifiable Information (PII) of EU residents.
GDPR is the most authoritative privacy regulation that affects global organizations. It makes organizations responsible for the privacy and security of personal information. The law holds to the vision of upholding individual rights while personal data is processed. A maximum fine of 4% of global turnover is a vital consideration, as it directly impacts organizational profitability. The reputational impact and loss of shareholder value would increase the residual risk that organizations need to manage.