• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii

3

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Commentarydata privacy

Commentary: These New Regulations Could Transform U.S. Corporate Titans

By
Peter Zaffino
Peter Zaffino
Down Arrow Button Icon
By
Peter Zaffino
Peter Zaffino
Down Arrow Button Icon
February 6, 2018, 4:02 PM ET
Add Fortune on Google for similar content.

If you follow the breathless coverage of the recent stock market swings, you might imagine that CEOs are glued to their TV sets and refreshing stock tickers by the second. But strategic leaders understand how to separate the signal from the noise, and corporate executives I talk to are far more interested in the macro trends that will impact the global economy—and their companies—throughout 2018 and beyond.

One of these major, game-changing trends will hit the business world on May 25, 2018, when the European Union (EU) will begin enforcing the General Data Protection Regulation (GDPR), a comprehensive and aggressive approach to the increasingly complex challenge of protecting consumer information.

GDPR will codify data protection rules for all companies that collect data from EU citizens while greatly expanding individuals’ control over how and when their personal data is collected and used. And while the regulation is EU-based, it has global reach and implications. If even a single EU citizen visits the website of a company based anywhere in the world and data is collected on that individual, that company must comply with GDPR or risk severe penalization.

But it would be a mistake to think that the impact of these regulations will be limited to the tech titans. Gone are the days when one blanket opt-in can bind all users to broad data collection. Under the new rules, these companies will need to be much more specific about how they will use data and get permission for these specific uses.

But it would be a mistake to think that the impact of GDPR is limited to the tech titans. In the U.S. especially, where many companies are built on their ability to capture, sell, or leverage data to target individuals, the new regulations—which grant individuals the right to have their information deleted from databases under various circumstances—will force businesses of all sizes and kinds to dramatically rethink their data practices.

Companies that don’t comply face potential penalties of up to 4% of their annual global revenue or €20 million, whichever is higher. And with member nations ramping up their enforcement capabilities as we speak (the United Kingdom alone is hiring 200 enforcement staff), it is becoming clear that all companies, not just the industry giants, could be targeted.

Facing a new regulatory minefield, U.S.-based companies have a narrow window of time to assess their capabilities and vulnerabilities and address areas of concern. In the short time until GDPR implementation and enforcement begins, companies should pay particular attention to the four key components of the new regulation:

Breach reporting

U.S. state and federal laws have long required reporting of many types of data breaches, so this is not entirely new. But GDPR expands the definition of a breach, and mandates that authorities be notified within 72 hours—and if the controller determines that the breach “is likely to result in a high risk to rights and freedoms of individuals,” then affected individuals must be notified “without undue delay.” Companies will need to create an expectation among their cybersecurity teams to identify and report incidents much more quickly.

Consent

Getting individuals to check one box agreeing to a thousand words of terms and conditions is no longer acceptable by EU standards. The terms must now be written clearly, consent for each term must be gained separately, and consent must be renewed regularly. Records of consent must be auditable. Companies will no longer be able to rely on the fine print and must have privacy policies that are clear and consumer-friendly.

Access and correction

EU citizens will now have the right to know what information a company has gathered on them. The information must be produced electronically, and wrong or incomplete information must be corrected on request. This will require a new level of record-keeping and will make it harder for bad actors to hide consumer-unfriendly data usage.

Deletion

The “right to be forgotten” made headlines in the U.S. in 2014 when a citizen of Spain won a judgment that Google had to take down personal information about him. GDPR extends this right much further, requiring companies to delete even non-publicly shared data under a variety of circumstances. If the user asks to be forgotten and then a month later gets an email solicitation from that company, they can file a complaint. Following this regulation will be one of the most challenging aspects of GDPR.

Every company needs a plan that maps its data processes and data handling procedures, identifies gaps and actions needed to close those gaps, and prioritizes these actions based on risk. It is also critically important to have clear procedures in place so that if and when a vulnerability is determined, the company is prepared to communicate effectively to lawyers and government officials, as well as customers, employees, investors, and other stakeholders. Compliance officers should keep a very close eye on early enforcement efforts, as they will provide critical insight into how to allocate compliance resources going forward.

At the same time, there is no one silver bullet for becoming a GDPR-compliant organization. Because there is no history to study, all companies must start from square one. The key to success will be adopting the mentality that privacy—like user-friendliness and quality customer service—is a fundamental expectation to be integrated at every level of operations.

With just a few months to go before GDPR takes effect, perhaps the greatest fear is of the unknown. We know that GDPR will cause a fundamental shift in the way companies collect, manage, and utilize the customer data they collect. Yet many companies are waiting for the first shoe to drop in order to react. That’s a mistake. Now is the time to be proactive—for the good of the customer and the business.

Peter Zaffino is the CEO of general insurance and global chief operating officer for AIG.

About the Author
By Peter Zaffino
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Commentary

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Commentary

rn
CommentaryCryptocurrency
Former Iran director at NSC: Crypto legislation is a ticket to sanctions evasion
By Richard NephewJuly 2, 2026
14 hours ago
m
Commentary250 Years of Innovation
McKinsey chairs: Building a more resilient industrial base may require $2 trillion in investment
By Eric Kutcher and Shubham SinghalJuly 2, 2026
14 hours ago
em
Commentary250 Years of Innovation
America’s 250th birthday has Elon Musk and a record IPO. Its 15th had Alexander Hamilton — and a stock market bubble
By Owen LamontJuly 2, 2026
17 hours ago
paramount
CommentaryAntitrust
How Paramount’s theater commitments could boost local economies across the nation
By Ike BrannonJuly 2, 2026
17 hours ago
elon
CommentaryChina
China has 400 private space companies. The West is barely paying attention
By Rainer ZitelmannJuly 2, 2026
19 hours ago
senate
CommentaryCongress
One rare bipartisan AI bill is moving through Congress. Here’s why it deserves to pass
By Neil Björkman and Betsy BrewerJuly 1, 2026
2 days ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
2 days ago
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
Success
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
By Sasha RogelbergJuly 2, 2026
11 hours ago
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
8 days ago
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
Success
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
By Orianna Rosa RoyleJuly 2, 2026
21 hours ago
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
Success
Americans are escaping the U.S. for New Zealand where house prices have hit a new low—but only wealthy Americans with $3 million spare can invest
By Emma BurleighJuly 2, 2026
13 hours ago
Current price of oil as of July 2, 2026
Personal Finance
Current price of oil as of July 2, 2026
By Joseph HostetlerJuly 2, 2026
14 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.