The European Union (EU) published the General Data Protection Regulation (GDPR) in May 2016. After a two-year transition period, GDPR went into effect on May 25, 2018. GDPR applies to the processing and protection of the personal data of all data subjects, including customers, employees, and prospects. The regulation applies to organizations and data subjects in the European Union. Non-compliance with GDPR may result in huge fines, which can be the higher of €20M or 4 percent of an organization’s worldwide revenues.
In addition to GDPR, many local regulations, ranging from data sovereignty laws to industry-specific regulations, have been enacted, and no one expects the pace of regulations to slow down. A strong data governance program is a pivotal part of the landscape for GDPR compliance. The traditional data governance disciplines of data ownership, metadata management, data quality management, and model governance are critical to GDPR compliance.