In May, Europe ushered in a new normal for online privacy by enforcing the General Data Protection Regulation (GDPR). Noncompliance penalties at a rate of 4 percent of annual revenue or 20 million euros, whichever is higher, motivated companies worldwide to reevaluate their data privacy and data security programs. Your company may have achieved its strategic compliance goals by the deadline, but the GDPR is the new normal and requires a shift in the corporate mindset and associated budgets.

The GDPR pushed U.S. businesses to roll out global privacy programs. The regulation, along with Facebook’s data-sharing practices, as linked to Cambridge Analytica, inspired statutory innovation in the United States. In June, California passed its own GDPR-esque statute, which global companies must address in order to continue to do business in California. Japan and Argentina have also overhauled their domestic rules to comply with the GDPR, and other countries are likely to follow suit.