Print this chapterPrint this chapter

The Ethical and Legal Implications of Information Systems

Non-Obvious Relationship Awareness

General Data Protection Regulation


GDPR Logo

The European Union, in an effort to help people take control over their personal data, passed the General Data Protection Regulation (GDPR) in May 2016. While this protection applies to the countries in the EU, it is having an impact of U.S. companies using the Internet as well. The regulation went into effect May 25, 2018.

EU and non-EU countries have different approaches to protecting the data of individuals. The focus in the U.S. has been on protecting data privacy so that it does not impact commercial interests.

In the EU the individual's data privacy rights supercede those of business. Under GDPR data cannot be transferred to countries that do not have adequate data protection for individuals. Currently, those countries include, but are not limited to, the United States, Korea, and Japan. While the GDPR applies to countries in the EU, it is having an impact around the world as businesses in other countries seek to comply with this regulation.IEEE Spectrum. Retrieved from https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr".

One week prior to the effective date of May 25, 2018, only 60% of companies surveyed reported they would be ready by the deadline.Information Management. Retrieved from https://www.information-management.com/opinion/playing-catch-up-with-the-general-data-protection-regulation".

Clearly, the message of GDPR has gone out around the world. It is likely that greater data protection regulations will forthcoming from the U.S. Congress as well.