Cyberattacks and data breaches are in the news almost every day, frequently targeting government agencies, businesses and consumers. According to a national survey from the Pew Research Center, a majority of Americans (64 percent) have personally experienced a major data breach, and large shares of the public lack trust in key institutions – especially the federal government and social media sites – to protect their personal information.
In an effort to put some element of control back into consumers’ hands, in May 2018, the European Union introduced the GDPR regulation – the General Data Protection Regulation – a comprehensive set of rules designed to give EU citizens more control over their personal data, and simplifying the regulatory environment for businesses. GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU. The move was a major pivot towards protecting individuals, and a legislative stake in the ground by the EU to protect personal privacy.