What do Sony Pictures, Pokémon Go creator Niantic Labs, Panamanian law firm Mossack Fonseca and the Democratic National Committee (DNC) all have in common? Each was hit by cyber attacks, leading to the unauthorized exposure of sensitive files with significant business and organizational repercussions.
In 2015, the European Union (EU) overhauled its 1995 Data Protection Directive. The new EU GDPR regulation, which requires compliance by May 25, 2018, will strengthen citizen rights such as the so-called “right to be forgotten,” or erasure of personal data records. The rules apply to companies with cloud services that process EU citizen data even if the servers are located outside the EU. Under GDPR, organizations must not only comply but also be able to demonstrate they comply.