Personal data security

General Data Protection Regulation (GDPR) requirements, deadlines and facts

Companies that do business in European Union countries will need to comply with strict new rules around protecting customer data within the next year. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. That means companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance.