Stories

Companies brace for European privacy rules

AP

U.S. companies are largely unprepared for what's about to hit them when sweeping new EU data laws take effect next year. The regulation — the General Data Protection Regulation (or GDPR) — is intended to give users more control of how their personal data is used and streamline data processes across the EU. Companies that fail to comply with the complex law will face steep fines of up to 4% of their global annual revenue.

Why it matters: Europe has by far taken the most aggressive regulatory stance on protecting consumer privacy and will in many ways be a litmus test for regulating the currency of the data economy. It impacts a huge number of businesses from advertisers to e-commerce platforms whose data flows through EU countries. That means everyone from Google to your neighbor who sells shoes on eBay could be affected.