What does GDPR stand for?
The General Data Protection Regulation, or GDPR, is a policy that aims to grant internet users in the nations that are a part of the European Union more control over their data, and therefore their privacy. It was originally approved in 2016 but will go into effect Friday, May 25, 2018. Under GDPR, personal data can only be used with the explicit consent of a consumer. The types of personal information that will be collected online have to be clearly stated, as well as the purpose for their collection, and there must be an option for the consumer to give no information at all. The consumer should also always be able to access this information and delete it if he or she chooses to do so. Facebook has already implemented this “access your information” tool. Users will now be aware of the data being stored, and how and where the company is utilizing it. If there is ever a data breach, a company is now required to report this breach to its consumers within 72 hours, whereas previously there was no requirement for a company to share this information with its consumers. The “right to be forgotten” is another policy under the GDPR that allows consumers to have companies completely erase the data they have collected on the consumer. The fine for not abiding by these new regulations is either 20 million euros, which is approximately $24 million, or 4% of the global revenue for that year, whichever is higher. Even if a company is not based in the EU but has consumers that reside in the EU, it has to abide by these regulations or be charged the same fines. This is why Facebook, Google, Apple, Twitter, and other international companies have begun implementing privacy changes.
Who is affected by GDPR?
As a consumer, the GDPR now allows you to hold companies accountable for your personal information in an unprecedented way. There will be more “I accept” boxes to click or decline and more terms and conditions to read, but control over data belongs to the consumer more than ever before.
As a marketer, the GDPR being enacted means a change in policy for your company. Regardless of your company’s origin, if it has even a single consumer in the EU, there will be changes to the way you collect data and advertise. One example of the change: when a consumer gives their email address to a company for any reason, rather than simply adding that email to a list, the company now has to describe specifically how that email address will be used within the company, which also gives the consumer the choice not to accept. Sending an email to that consumer without their clearly stated consent is a violation of GDPR, and the company could be fined. Another example is that the targeted advertisements that appear on other websites based on one’s previous search inquiries will now be considered a violation of GDPR unless the company received clear consent from the consumer to allow their data to be collected, meaning remarketing advertising can only be used on consumers who have consented to it. Everything a company does now has to be pre-approved by the consumer, and additionally, the consumer must be able to change or withdraw from the terms to which they initially agreed.
GDPR is probably the most drastic change to data collection in this generation. Its effects will be felt globally.