First and foremost, what does GDPR stand for?
(Assuming you know ‘WTF’ stands for..)
GDPR stands for General Data Protection Regulation, the EU's new data-protection law (Regulation (EU) 2016/679, applying from 25 May 2018) that governs how organizations may collect and use the personal data of people in the European Union. It is not limited to EU citizens: it protects anyone in the EU whose data is processed. This massive regulation introduces very strict rules regarding gaining people's consent to use their personal data, and consent is only one of several legal bases for processing; you need a valid basis for every use.
Customers will also have the right to ask a company to delete their data (the "right to erasure"), and the company must comply without undue delay unless it has a legitimate reason to keep the data, such as a legal obligation. Customers will have the right to ask a company how and why their data is used and, again, the company must tell them. Additionally, customers may request copies of any data a company holds on them, and where they want to take it elsewhere it must be provided in a "structured, commonly used and machine-readable format" (the regulation's own wording, which in practice means something like CSV or JSON rather than a PDF scan).
More importantly, if a company holding personal data realizes it has been breached, it must notify its supervisory authority within 72 hours of becoming aware of the breach, and must also tell the affected individuals without undue delay when the breach is likely to put them at high risk. GDPR will not stop the next Equifax, but it would have forced much faster disclosure: Equifax's intrusion began in mid-May 2017, the company discovered it on 29 July, and the public only learned that personal data had been stolen on 7 September, roughly four months after the attackers got in and about six weeks after Equifax knew.
WTF happens if my company violates or does not comply with GDPR?
Well, the penalties are huge. A company that violates the new regulations can be fined up to €20 million or 4% of its annual global turnover, whichever is higher.
But, my company is based in the United States so who cares?
If you are located in the United States, which I assume most of you reading this are, chances are you will still fall subject to the EU's new regulations if you offer goods or services to people in the EU or monitor their behaviour (tracking, profiling, analytics), regardless of where your servers or your company sit. If you are deliberately collecting personal data from people in the EU, then you must comply with GDPR. Facebook and Google are now complying with GDPR's new regulations, which means if you are advertising on either service and collecting data in the EU, you will need to comply as well.
With that being said, if you have no interest or intent to target EU users then you appear, for the moment, to be in the clear. The regulation's territorial scope is tied to offering goods or services to, or monitoring, people in the EU, so a stateside company that only collects data on US users and does not market to the EU is unlikely to be caught by it.
Want to know specifically how to comply with GDPR? Check out the resources below to make sure you are prepared.