On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU.  The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain.  The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.

According to Forrester, the regulation has five key requirements:

• If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO).  The function may be filled by individuals with legal, privacy, security, marketing, or customer experience.  The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers.  The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption.  They…