GDPR (General Data Protection Regulation)
Yes, GDPR... trending and more famous than Avengers: Infinity War right now.
You may have noticed a ton of emails from different social networks, newsletters, etc. about data policy updates. I don't know how many of you read beyond the subject, which is usually something like "GDPR (General Data Protection Regulation) Effective from May 25".
The European Parliament adopted GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. GDPR also regulates the exportation of personal data outside of the EU.
It gives citizens more control over how their data is collected and used, and it even forces companies to explain everything that they do with citizens' personal data.
GDPR has a huge effect on businesses outside of the EU, including in the U.S. GDPR has been implemented because the old Data Protection Policy was written before Facebook, Google, Twitter, etc. started collecting massive amounts of sensitive information through smartphones.
GDPR gives organizations guidelines on what they can or can't do with personal data. It gives more clarity over the kind of data being used and how companies will use it.
Personal data now means any data that can identify you, based on details like your name, phone number, username and address. This law has now also allowed companies to check people's geographical location (including IP address), even connecting it to the rules for sensitive information like sexual orientation, political opinion and nationality.
Firms are required to use simple and clear language for policies, including the "right to be forgotten" policy. Personal data needs to be transferable to the user via a common file; however, this is not absolute and certain conditions apply.
GDPR will have an impact beyond just Europe because many non-European businesses also collect or use EU citizens' data. If a firm doesn't comply with GDPR, the penalty is up to 4 million or 4% of total company turnover, whichever is higher.