BAS Blog

General Data Protection Regulation

Written by BAS | Feb 8, 2018 3:26:19 PM

The General Data Protection Regulation is a rule from the European Union that places data protection requirements on all companies that process personal information when providing goods or services to EU residents. The regulation unifies data privacy/protection laws from all EU member countries. It takes effect May 25, 2018.

The GDPR applies to any business collecting personal data from a citizen of the European Union. It is a robust privacy law. For example, under GDPR, an individual’s IP address or cookie data must receive the same level of protection that a company applies to a name or Social Security number.

Potential monetary penalties for failing to comply with GDPR are huge. Penalties can be assessed at up to 20 million euros or 4% of global annual turnover, whichever is higher. Companies that do business with EU citizens and process personally identifiable data must make sure to comply with GDPR by the effective date, or they will be subject to significant penalties.