The General Data Protection Regulation (GDPR) was described by everyone as the European Union’s “game-changing data privacy law.” It went into effect in March of 2018 and businesses have been chasing compliance ever since.
They aren’t wrong. GDPR is the biggest data protection law to come about in the last 20 years since the internet, mobile devices, e-commerce, social media, and big data took off. It affects businesses of all sizes around the world.
But what does that really mean?:
In plain English, the GDPR set guidelines that businesses, organizations, non-profits, essentially anyone who touches someone’s personal information in connection with goods and/or services to EU residents. Money doesn’t even need to change hands – the rules can apply if you’re asking for people’s personal information in exchange for information, subscription to an email list, etc.
GDPR instructs businesses and organizations, but at its core, it’s about giving individuals control over their data. GDPR includes a number of pieces in place designed to provide that control, including:
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure/to be forgotten
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Combined, all of these rights give EU residents the right to be informed and understand how their personal data is being collected, stored, and used by companies. Companies have to get people’s content before using their data and they have to delete it if you ask them to. Learn more about the full scope of GDPR rights and how they differ from the new data protection law, CCPRA.