What is GDPR?

At this point you are probably as irritated as I am with the hundreds of e-mails in your inbox from companies and services you did not even remember existed, asking you to update your privacy and data agreement. That is because the new GDPR legislation, the General Data Protection Regulation, came into force last May 25th.

Lawmakers in Brussels passed the new legislation in April 2016, and the full text of the regulation has been published online. The legislation predates the recent scandals regarding Facebook and other tech companies, and it has incredibly detailed guidelines on how companies may request, access and store your data. Misusing or carelessly handling personal information will bring fines of up to 20 million euros ($23.4m; £17.5m), or 4% of a company's global turnover. This means companies as big as Amazon or Google could face a fine of up to $8.8 billion.

Some of the new rights EU citizens have regarding their digital personal data are:

  • All EU citizens now have the right to see what information companies have about them, and to have that information deleted if requested.
  • Companies must be more active in gaining consent to collect and use data, instead of a simple "I agree with terms and conditions" tick box.
  • Companies must also tell all affected users about any data breach, and tell the overseeing authority within 72 hours.
  • You may ask a company to delete (erasure power) any information they may have about you, or to correct it if it is wrong.
  • Companies must also keep your data secure so that it cannot be stolen.
  • Each EU member state must set up a supervisory authority, and these authorities will work together across borders to ensure companies comply.

The good news for non-European countries is that even companies in the US and China will have to comply with the GDPR if they hold data from EU citizens. This puts the EU years ahead of the US in terms of digital personal data protection legislation.

Here is a full description of the most important articles of the legislation:

[Image: GDPR deep dive, how to implement the right to be forgotten]