Access IRMI Online Talk With Us

Category Focus
Claims, Case Law, Legal

Commercial Auto

Commercial Liability

Commercial Property

COVID-19

Personal Lines and Small Business

Risk Financing and Captives
Risk Management

Specialty Lines

Workers Compensation

White Papers

Free Articles

Videos
Industry Focus
Agribusiness Industry

Construction Industry

Energy Industry
Transportation Industry

Insurance Industry
Conferences
Agribusiness Conference

Construction Risk Conference

Energy Risk and Insurance Conference
Transportation Risk Conference

Sessions On Demand
Insurance Education
Certifications

Agribusiness and Farm Insurance Specialist

Construction Risk and Insurance Specialist

Energy Risk and Insurance Specialist

Management Liability Insurance Specialist
Manufacturing Risk and Insurance Specialist

Transportation Risk and Insurance Professional

Continuing Education

Insurance Industry Training

IRMI Webinars
Subscribe
Plans and Pricing

Catalog

Request a Demo

IRMI Tutorials

Product Updates

Enterprise Subscriptions
Free Newsletters

White Papers

Product Tour

Podcast

How-To Videos
About IRMI
Our Mission

Our Story

Our Team

Our Brands
Press Releases

Careers

Contact Us

Advertise
Glossary
Terms
Acronyms
Membership
IRMI Webinars

Newsletters
White Papers

Join for Free

Home Term Insurance Definitions General Data Protection Regulation

General Data Protection Regulation GDPR

General Data Protection Regulation pertains to data privacy that was passed by the European Union and that went into effect in May 2018.

GDPR is aimed at improving security and enforcing notification requirements for all companies processing personal data for persons residing in the European Union, regardless of the company's location.

GDPR states that businesses can be fined "up to 4% of annual global turnover or €20 million (whichever is greater)" for the most serious violations. The GDPR makes notification of data breaches mandatory within 72 hours of a business becoming aware of the breach and when it is likely to result in a substantial risk to affected individuals. Any business operating in Europe or that has European users or customers—regardless of where the company itself is headquartered—must abide by GDPR. Since S&P's 500 US companies generate roughly one-seventh of their revenue in Europe, GDPR remains significant even in the United States.

Related Terms