The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). ~ Wikipedia
The GDPR goes into effect on May 25, 2018.
Industry experts in the United States are closely following the adoption of the GDPR and advise organizations to prepare for some form of regulation modeled on the European approach. Individual states are already adopting many of the GDPR's provisions, although there is no sign of sweeping regulation from the federal government.
At the most basic level, the GDPR requires ALL organizations to follow a more uniform approach to protecting personal information across the entire European Union. It holds every organization to the same standards and consequences, regardless of whether the organization is located in the EU or whether the processing of personal data takes place in the EU.
Consequences for non-compliance or breaches can be severe. Fines can be up to 20 million euros or four percent of worldwide annual revenue for the prior financial year, whichever is higher. Non-compliance could be financially damaging to an organization and harmful to its reputation and brand. The potential for lawsuits and business interruption could be devastating, and it could also lead to the suspension of any processing of data in the EU.
In terms of immediate impact on Americans, nothing needs to be done if you never do business outside of the United States. But if you do, it is important to read up on the compliance requirements.
In view of the recent Facebook disclosures, many people are more aware than ever of how personal information can be mishandled. The United States will surely be watching the EU to see how this new regulation affects organizations and individuals.