ROYAL OAK – If you have a business that sells to clients in the European Union, you’re going to have to deal with a new regulation that starts May 25 requiring companies to protect the personal data and information of EU residents. Richard Stiennon, a cybersecurity expert from IT-Harvest in Birmingham, explains what this new regulation means to US-based businesses.

Stiennon says in this podcast that the European Union General Data Protection Regulation (GDPR) is the EU’s way to combat the massive data breaches that have hit Google, Yahoo, Facebook and other major eCommerce and B2B players. If you have a business that collects data from EU residents, and you don’t comply with the new regulation, your business could be subject to a fine of €20 million or 4 percent of worldwide revenues, whichever is higher.

The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data-protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.
