At the Information Security Forum (ISF), we believe that the General Data Protection Regulation (GDPR) will be the biggest shake-up of global privacy law in decades. The GDPR not only redefines the scope of European Union (EU) data protection legislation, but forces organisations on a global scale to comply with its requirements. The regulation will have an international reach, affecting any organisation that handles the personal data of EU residents, irrespective of where it is processed.
Businesses face several challenges in preparing for the reform, including a widespread lack of awareness among internal stakeholders and the need to implement a culture change across the enterprise to address data protection requirements. The additional resources required to address the obligations are likely to increase compliance and data management costs while pulling attention and investment away from other important initiatives.
But it is not just in the area of privacy that legislation will bite. The increasing burden of compliance and legislative variances across jurisdictions will impact multinationals and those businesses targeting international trade. However, in the longer term, organisations that adopt and meet the requirements of the EU GDPR will benefit from the uniformity introduced by the reform. Smart businesses are already seeing the opportunity to turn compliance actions into tangible business benefits.