Companies brace for European privacy rules

US companies are largely unprepared for what's about to hit them when sweeping new European Union data laws take effect in 2018. The regulation — the General Data Protection Regulation (or GDPR) — is intended to give users more control of how their personal data is used and streamline data processes across the EU. Companies that fail to comply with the complex law will face steep fines of up to 4% of their global annual revenue.

Europe has by far taken the most aggressive regulatory stance on protecting consumer privacy and will in many ways be a litmus test for regulating the currency of the data economy. It impacts a huge number of businesses from advertisers to e-commerce platforms whose data flows through EU countries. That means everyone from Google to your neighbor who sells shoes on eBay could be affected.