How EU's New GDPR Privacy Requirements Affect U.S. Companies | eWeek

HPE Explains What European GDPR Privacy Regulations Mean to U.S. Firms

David Jones
May 1, 2017
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Data privacy is a primary concern for end users and technology vendors alike in the modern world. Among the most stringent data privacy compliance regimes is the European Union’s General Data Protection Regulation (GDPR).

In  a video interview with eWEEK, David Jones, senior vice president of the Security and Information Governance Business Unit at Hewlett Packard Enterprise, explains what the new European Union privacy regulations mean to U.S. companies.

In the past, compliance requirements were largely driven by U.S.-based regulations, but that has changed in recent years, with the GDPR being a primary example. The European Union’s parliament approved the GDPR in April 2016, and it is set to become an enforced regulation in May 2018.

At its most basic level, the GDPR requires organizations to understand what information they have, who has access to the information  and where the information resides, according to Jones. Organizations then need to take the necessary steps to protect privacy-related user information.

“Where the GDPR is really focused on is personally identifiable information [PII],” he said.

PII can include items such as credit card numbers, Social Security numbers, birthdays and home addresses, which are collected both online and in various aspects of normal business activities. Jones said that understanding where data resides is the first step in dealing with the GDPR as it defines where the risk might exist.

“The regulations go on to state that organizations have to take reasonable steps to secure the information, meaning if the information is breached or compromised in some way, that it is not useful,” he said.

There are multiple things that organizations can and should be doing to protect PII, including data encryption. Additionally, Jones said activities such as e-discovery, compliance archiving and security content management all play roles in GDPR compliance as well.

“The GDPR applies to anyone that is doing business in the EU, so anyone selling into it or has employees there,” he said. “Fines for noncompliance are 4 percent of global revenue, and that can be enormous.”

Watch the video interview with David Jones above.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.