On May 25, 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) will take effect throughout all European Union member states. GDPR is a new regulation by which the European Commission intends to strengthen and unify data protection for individuals whose data is managed by organizations within the EU and for EU resident data worldwide.

In short, every company that does business in the EU must conform to GDPR standards. Many companies, particularly in the EU, are already well on their way to compliance. Others are only beginning to consider the consequences of GDPR; they face months of hurried efforts to align with GDPR requirements.
While GDPR has been widely publicized and discussed, myths abound.
Myth 1: GDPR is like Y2K
Some firms are tackling GDPR with the same hysteria that was prevalent during the Y2K millennium bug scare, approaching GDPR as a single project with a defined end date. But GDPR is not just a “point in time” activity. Many firms also believe that phenomena like Y2K, and now GDPR, are overblown. But compliance with GDPR should be the default position for legitimate firms.
Myth 2: No one will get fined
Some think the risks of heavy fines are exaggerated. But targeted enforcement is likely, and authorities may go after high-profile companies or companies with particularly egregious data processing faults. Assuming no one will get fined may pose high-impact risks.