The General Data Protection Regulation (GDPR) is a regulation that will
enforce a stronger data protection regime for organizations that operate in
the European Union (EU) and handle EU citizens’ data. GDPR constitutes
the protection of personal data of employees, customers and others. In case
organizations fail to comply with this regulation, they will be subject to
heavy fines and damaged reputation. Considering that personal data
represents critical and sensitive information that all organizations should
protect, such a regulation will help put in place appropriate procedures
and controls to prevent Information Security breaches. By May 2018, all
organizations that operate in the EU should comply with this regulation.