U.S. financial services firms trying to manage regulations and guidance on data protection and cyber security from multiple jurisdictions are about to face one of their biggest challenges yet when strict new European Union rules governing the use of personal information take effect.
The EU’s General Data Protection Regulation (GDPR) applies to all companies processing or controlling the personal information of EU residents, regardless of where those firms are located. The regulation is designed to protect the privacy rights of EU individuals. It was adopted in April 2016 and is set to go into effect May 25, 2018.
U.S. companies must take the EU rules seriously and begin implementing the necessary technologies, policies, and procedures as soon as possible to ensure they are ready to comply. They must also make sure that complying with GDPR doesn’t conflict with domestic U.S. regulations.
U.S.-based companies, like Facebook, will have to offer these protections to EU citizens as well. Somehow, Mark Zuckerberg believes he can exclude North American users from the privacy enhancements offered to EU citizens.