From May 2018 most companies that do business within the EU and hold personal data about EU residents will have to comply with the General Data Protection Regulation (GDPR). This means it impacts companies globally not just in Europe. The risk management issue is massive. If companies fail to comply, the end result could be bankruptcy.
Colm Murphy, Director, Cybersecurity and Information Resilience, BSI Group, UK