We have been spending a lot of time in Board meetings lately talking about GDPR.

GDPR stands for General Data Protection Regulation and is an EU regulation that, as written, will impact most Internet companies regardless of where they are located.

If you have not heard of GDPR and are running or working for an Internet company, you should wrap your head around it asap.

This Wikipedia entry does a pretty decent job explaining GDPR at a high level.

I heard someone explain GDPR as the “privacy equivalent of SOX.” I think that is a decent way to think about it.

This is serious regulation and complying is going to be hard and a lot of extra work. It will also impact product development and add overhead to that. The penalties for non compliance are massive and you cannot simply ignore this.

All that said, we did this to ourselves. The tech/Internet industry has run roughshod over user privacy for almost two decades now and we created the conditions for this regulation to pass.

The privacy equivalent of SOX.

So wrap your head around GDPR and prepare your company to comply. There is no other option.