PPB January 2018

Data Redefined | FEATURE D ata can be described as the lifeblood of today’s economy. Through the years, its intrinsic value has evolved into a critical asset for business growth and competitiveness. And yet, the opportunity that data presents also comes with great risk and responsibility. Many battle over who should own and benefit from data, consequently elevating the need for privacy protection and stringent standards. What was once a business- practice afterthought is about to be elevated in importance by a new piece of legislation out of the European Union (EU), bringing data protection to the forefront for virtually any company. The General Data Protection Regulation, more commonly known as the GDPR, took more than four years of back-and-forth discussion to develop before its adoption in April 2016. The regulation was designed to protect EU residents in an increasingly data-driven world, ending the patchwork of legislation that existed under the Data Protection Directive (DPD). Set to go into effect on May 25, the new regulation will replace the DPD, carrying forward key principles within a modern, updated framework. As the global economy moves further into a connected network, changes on the other side of the world can have a far-reaching impact close to home. The GDPR will apply to any company that interacts with an EU data subject, regardless of where the company is located. The widened geographic reach means a vast range of U.S. businesses that previously did not need to comply with EU data protection rules will now be affected by the full scope of the forthcoming law. While previous drafts of the proposed legislation suggested extreme measures, the final draft is perceived as commercially balanced and can be seen as an evolution of the current law rather than a revolution. The regulation’s scope is remarkably broad; it will force many companies, wherever their location, to comply with its requirements. Penalties underscore the gravity of the mandate. Any company that markets goods or services on a public platform can be subject to the GDPR. Even if your company has no subsidiaries, | JANUARY 2018 | 83