An Overview of the GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law that was passed in 2016, and recently went into effect on May 25, 2018.

The aim is to protect all individuals in the European Union from privacy and data breaches in our fast-changing world — one that's very different than it was in 1995, when the Data Protection Directive was established. GDPR addresses the export of personal data outside the EU and aims to give citizens more control over their personal data.

Components of this regulation include: 

• User data retrieval

• Consent to use of personal data

• Consent to use cookies

• Right to be anonymized

• Data breach monitoring and notification

Businesses based in the U.S. are affected since companies which collect personal data or behavioral information from someone in an EU country are subject to these news laws.

How does this affect you as their customer? Well, for starters, you have probably noticed that you've been getting a lot of privacy update notifications lately.

However, the purpose of GDPR is to protect your information, by providing greater transparency and control over how much of your data is shared. This is absolutely crucial because we live in a world where technology is more prevalent than ever before. Companies rely heavily on customer data, in order to sell products, gauge customer satisfaction, and ultimately turn a profit. For example, whenever you use a "free" social media service such as Twitter, Facebook, or Instagram, you're sharing your data with these companies, and potentially also third parties, which is why you will often see targeted advertisements based on your interests.

The implementation of GDPR comes after the 2017 Equifax cyberattack and in the wake of Facebook's recent Cambridge Analytica scandal. When hackers stole sensitive information from the Equifax database, such as driver's license and social security numbers, 143 million Americans were affected and the risk to consumers was especially high. Similarly, Facebook users were outraged by a data breach that occurred, although Facebook itself has refrained from using the words "data breach," with Zuckerberg instead calling it a "mistake" and a "breach of trust".

Companies have been doing a lot of work to conceptualize how to come into compliance with GDPR. This includes figuring out how to rationalize and track data flows, all while keeping their customers informed. Ultimately though, this new regulation protects your rights as an individual and a consumer, which is certainly a good thing.