The GDPR replaces the 1995 EU Data Directive ("Directive") and will apply to organizations involved in the "processing" of the "personal data" of individual EU citizens. (Photo: Shutterstock)
When finally effective on May 25, 2018, the European Union's long-anticipated General Data Protection Regulation (GDPR) will dramatically expand the scope of entities covered by the European data protection framework, imposing EU regulation on a wide range of U.S. companies that utilize the personal information of EU individuals in their businesses but were not previously subject to EU data protection protocols.
While many U.S. companies have recognized and are prepared to meet this considerable new compliance challenge, others remain unaware of the obligations it will impose (or, in some cases, of the GDPR's very existence) or have simply forgotten. This is true despite the fact that many of these entities' are generally aware of privacy protection-related risk, and maintain privacy and network security ("cyber") insurance coverage to protect against such risk.
Recommended For You
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.