“GDPR” stands for General Data Protection Regulation, new legislation approved by the EU Parliament, which goes into effect in May 2018. According to CIO, the main goal of the new legislation is the protection of the freedoms and rights of all individuals located in the territory of the European Union, regardless of their citizenship.
So, what does this mean for companies (like software and service providers, publishers, and pretty much anyone who contacts you electronically)? It means that every company that collects data in the European Union must comply with the Regulation, even if the company itself is not present in the EU. Oh, and get this, the expected penalties for those who won’t comply with the GDPR are rather impressive – the maximum penalty equals 20 million euro or 4% of annual worldwide turnover, whichever is bigger – OUCH!
The body of the legislation consists of 11 chapters, 99 articles, and nearly two hundred recitals, but here are a few important snippets:
- The term “personal data” refers to any information relating to an identified or identifiable person.
- From now on, individuals will have significantly more knowledge of, and power to control, the personal information shared with companies.
- Individuals will have the power not only to withdraw consent to use their data but also to move it elsewhere.
- According to the GDPR, data subjects should be instantly notified about the loss or disclosure of any type of their personal information if it is expected to put the rights and freedoms of the data subject at risk.
See also: Mashable, “GDPR is messing with a bunch of U.S. news sites in Europe”