HPE Explains What European GDPR Privacy Regulations Mean to U.S. Firms

Data privacy is a primary concern for end users and technology vendors alike in the modern world. Among the most stringent data privacy compliance regimes is the European Union's General Data Protection Regulation (GDPR).

In a video interview with eWEEK, David Jones, senior vice president of the Security and Information Governance Business Unit at Hewlett Packard Enterprise, explains what the new European Union privacy regulations mean to U.S. companies.

In the past, compliance requirements were largely driven by U.S.-based regulations, but that has changed in recent years, with the GDPR being a primary example. The European Union's parliament approved the GDPR in April 2016, and it is set to become an enforced regulation in May 2018.

At its most basic level, the GDPR requires organizations to understand what information they have, who has access to the information and where the information resides, according to Jones. Organizations then need to take the necessary steps to protect privacy-related user information.

"Where the GDPR is really focused on is personally identifiable information [PII]," he said.

PII can include items such as credit card numbers, Social Security numbers, birthdays and home addresses, which are collected both online and in various aspects of normal business activities. Jones said that understanding where data resides is the first step in dealing with the GDPR, as it defines where the risk might exist.

"The regulations go on to state that organizations have to take reasonable steps to secure the information, meaning if the information is breached or compromised in some way, that it is not useful," he said.

There are multiple things that organizations can and should be doing to protect PII, including data encryption. Additionally, Jones said activities such as e-discovery, compliance archiving and security content management all play roles in GDPR compliance as well.

"The GDPR applies to anyone that is doing business in the EU, so anyone selling into it or has employees there," he said. "Fines for noncompliance are 4 percent of global revenue, and that can be enormous."
