Companies that collect data on citizens in European Union (EU) countries need to comply with strict rules around protecting customer data. The General Data Protection Regulation (GDPR) sets a standard for consumer rights regarding their data, but companies will be challenged to maintain compliance.
GDPR compliance causes some concerns and expectations of security teams. For example, the GDPR takes a wide view of what constitutes personally identifiable information (PII). Companies need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address, and Social Security number.