GDPR

GDPR is on its way.  The General Data Protection Regulation, GDPR, was passed by in April 2016 and it gets implemented on 25 May 2018.  There's a lot to it and but the bottom line is that Europe will now have the world's strongest data protection rules.

The GDPR directive gives control to European citizens, and residents, of their personal data.  The personal data can be anything that helps identify you including a person's name, a photo, an e-mail address, medical information, bank details, social media posts, and even computer data to include location data, an IP address, cookie data, and RFID tags.

Companies need to obtain informed consent from a person before collecting, storing, or using any personal data.  Any data collected must be minimised, accurate, portable, and secure.  An individual has the right to be forgotten which means that a company must delete personal data upon request and provide proof of deletion without any undue delay.  And in the case of a data breach, consumers must be notified within 72 hours.

This pertains to all EU and EEA countries.  It also pertains to companies outside of Europe if the personal data leaves Europe.  So for example, although I am an American citizen, I am a European resident so my personal data falls under GDPR protection when I sign up for a random mailing list in the USA.

And it's not like business can just ignore the law.  Fines for not complying with GDPR can reach up to €20 million or 4% of a company's global annual turnover.  For every time they violate the directive.  Ouch!!

Here are a couple of short videos I found out on YouTube that talk about GDPR.

©CNN Money

©Wall Street Journal

Update:  If I don't use a VPN then I often get notifications on U.S. sites that their material isn't available to me in Europe.