What Is GDPR and Why Should You Care?

What is it?

GDPR stands for General Data Protection Regulation. The new regulation came out of Europe in 2012 in order to prepare for the digital age. Now, as of May 25, 2018, the rules are finally put into motion and the personal data of citizens is more protected than ever before. 

Check it out: GDPR: What Is It and How Might It Affect You?

What Does This Mean?

The point of the General Data Protection Regulation is that it gives people more control over their personal online data. Because we live in an increasingly connected and public digital world, it’s important for laws to adjust to the way we live. Europe has taken the driver’s seat on this initiative and it will affect any business which collects personal data for use.

The laws before this took affect were different and came from a different time where society didn’t use technology and social media like we do now. Fundamentally, nearly every part of our lives revolves around online data in some capacity. Social media channels, stores, banks, government, etc. all use some form of personal data such as your name, a photo, email address, home address, credit card information, medical information and much more that is collected and analyzed by different organizations and businesses.

Check it out: Cybersecurity Laws Agencies Need to Know

What Is GDPR Compliance?

As of May 25th, 2018, the EU has imposed large fines and penalties on companies that do not comply with their new set of data protection rules. The guidelines of the GDPR are there to protect consumers of the EU and in turn, build up more trust between citizens and companies who collect personal information.

As a company that collects potential sensitive and personal information from consumers, you must protect all data that you’ve collected legally from any form of misuse or exploitation and respect the rights of those consumers who have given their data over. Unfortunately, things happen, such as data breaches. When this happens, and an outside party gains access to personal consumer data without their permission, it is the responsibility of the company from who they stole from, to provide proper notification within a 72-hour period to both the affected individuals and the data protection agency. If these specifications are not met after a breach, the company experiencing the situation, will be subject to penalties.

Check it out: So, You've Been Hacked, Now What?

Does It Mean Anything For The U.S?

Well, just because GDPR began in the EU, doesn’t mean it won’t impact business in the U.S. If you are a business that requires personal information from customers from any European country, then listen up! While GDPR is coming out of Europe, it can’t just apply to European countries. European citizens do businesses internationally and that means even some businesses in the United States will be required to comply with the new rules to protect their European customers.

The new set of rules will force any large company to maintain records of personal customer data and how they store it and how the data is processed. Bigger business across the pond will now be liable for any data breach they experience that puts their European customer information at risk.

Check it out: GDPR Compliance Checklist

What Does This Mean For Consumers?

Because of the immense amount of information we all share through our social media channels and online transactions through banking and different entertainment subscriptions, etc., we are more vulnerable than ever. Just as the amount of personal data put online has increased, so has the amount of hacks and breaches in the last several years. It's not realistic for people to refrain from putting personal information online at their own discretion, because the world isn't as compatible with pen and paper anymore. So, in order to protect consumers from outside, unapproved parties gaining access to their information, GDPR is here for them. This is a new set of guidelines that works to serve consumers first and foremost. 

Your data is your own, and when you sign agreements for businesses to use your data, it is in their hands. With GDPR, consumers have access to details of their data and how its used, on their own terms. Some businesses have began to implement more transparent policies beforehand by contacting their customers through email addressing how their data is being used and giving them the option to opt-out if they disagree with the use. 

GDPR also offers consumers the opportunity to "be forgotten". This is a new process that gives new rights to consumers who no longer wish to share their information with a company and can ask to have all of their processed data deleted with no grounds for retaining it in the future.