Data protection law

Mimecast simplifies compliance with the data protection law

The EU's data protection law is changing information management.

The European Union's General Data Protection Regulation 2016/679 (GDPR) is a data protection law that is creating sweeping change in the way organizations manage the personal information of EU residents.

Under the new data protection law, organizations worldwide must obtain explicit consent from EU residents to store or process their personal data. Individuals have the right to request whatever data is being stored about them from any organization. They may withdraw their consent to its use at any time, forcing organizations to destroy the data within one month at the latest.

For organizations that don't comply with GDPR requirements, the penalties are high: upwards of £20 million or 4% of total yearly worldwide revenue, whichever figure is greater.

Changing information management to comply with the data protection law will require significant investments of time and money, and the May 2018 deadline for implementation is drawing close. Organizations that want to ensure GDPR compliance will need to quickly review and potentially overhaul the way they handle personal information.