The European Union’s new rules on data protection and privacy — called the General Data Protection Regulation or GDPR — took effect on May 25. For U.S. residents, the GDPR is a welcome development because it offers more protections than they currently have under U.S. laws, according to Sinan Aral, management professor at MIT who co-leads the university’s Initiative on the Digital Economy. But for U.S. companies that do business in Europe and therefore are covered by GDPR, the penalties for violations are stiff: up to 20 million euros or 4% of their global annual revenue, whichever is higher, plus other punishments ranging from limits to a total ban on their data collection, and audits of their data processes.
Aral discussed the implications of the new regulations on the Knowledge@Wharton show podcast in May. Listen to the broadcast here.