Once in force, the European Union General Data Protection Regulation (GDPR) will require every multinational company that offers products or services to European Union residents to adhere to a strict set of data privacy and security measures. These requirements will apply equally to those companies’ business partners and call for the use of emerging technologies and for systems design concepts that will likely be new to U.S. information security professionals. However, those professionals can leverage many of their existing capabilities, along with a few key additional components, to meet these new requirements and enable compliance with the Regulation in all 28 EU member states.
IT leaders in many multinational companies have recognized the need to begin the process of making changes to their information infrastructure in order to meet the many requirements of the Regulation. This document was envisioned to assist information security professionals in prioritizing changes and additions to their information security programs.