GDPR 2018 is the General Data Protection Regulation, which will take effect on the 25th of May 2018.
In this video I'll explain what GDPR is and why you should care about it.
This EU regulation is set to increase user privacy and punish companies that neglect personal data safety. In this video I'll give you a summary of GDPR and the main points that might interest you as a company or private person. GDPR will be a big topic for companies, as it will require some changes to websites so that they comply with the new regulation.
If companies are not GDPR compliant, there are some severe fines. The new EU data protection regulation will affect any company that sells to EU citizens; this means that in the US or UK GDPR will be followed as well.
GDPR examples: https://youtu.be/bVap-DYWKjg
Full regulation doc in pdf: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
GDPR Summary by EU: https://www.eugdpr.org/key-changes.html
Comprehensive video about the topic: https://www.youtube.com/watch?v=NxgZ57BTkFQ
The General Data Protection Regulation is a long document that describes how companies should use and protect consumer data. It will take effect on 25 May 2018. It will impact your company if you handle any data from EU citizens. So no matter where your company is based, if you collect data from EU citizens this will apply to you.
Now, for consumers this is not that bad of a deal. This regulation gives power back to the people, as the EU sees privacy as a human right.
Now, for companies this means that they need to look into their processes and infrastructure: analyze what is collected, where it is collected, how the data is used and how it is secured. This will give transparency to consumers, as we will know what is collected and why. There are also small benefits to companies, as this will be one regulation across the whole of Europe and not one per country, as it is now.
Tracking is still allowed, but you have to make sure it's done the right way. You need to get the user's explicit consent in simple language and give them the ability to opt out at any time.
What might be challenging is that current data has to comply with the new regulation. So you need to make sure that old data has the user's consent.
I think this regulation will be taken seriously, as the penalties are severe: at most, 20 million dollars or 4% of global turnover (whichever is higher).
There is no single entity that will monitor this regulation; however, if you get too many complaints from consumers, you might get sued.
There are 7 key rights that GDPR emphasizes:
1. User consent to tracking and the ability to opt out
2. Data breach notification within 72h after a breach
3. Right to access your own data
4. Right to be forgotten, so at any point you can ask the company to permanently delete your data
5. Data portability, you have the right to reuse the data elsewhere
6. Privacy by design, companies do their utmost to secure personal data
7. A data protection officer needs to be appointed if you are a company with 250+ employees