GDPR - General Data Protection Regulation

GDPR sets strict rules regarding the collection and processing of Personally Identifiable Information of citizens of the EU. It applies to all organizations holding and processing EU residents' personal data, regardless of geographic location. If any organization worldwide offers goods or services to, or monitors the behavior of, EU residents, it must meet GDPR compliance requirements.

GDPR affects departments across the enterprise – legal, IT and security – leading to the need to work cross-functionally across the organization. It includes increased fines, breach notifications, opt-in consent and responsibility for data transfer out of the EU. It permanently changed the way customer data is collected, stored and used. The fines for the most serious violations are very high and are a percentage of total global revenue.

Related Terms: PII - Personally Identifiable Information; PIPEDA (Personal Information Protection and Electronic Documents Act)