From 25 May 2018, any organization that processes or controls personally identifiable material about EU citizens must have implemented rigorous organizational and technical measures to comply with the General Data Protection Regulation (GDPR) or also known as the General Data Protection Regulation (AVG). Failure to comply with the GDPR entails high fines. Fines can amount to 4 percent of sales or to 20 million euros.
