What is GDPR?

By now, you’ve heard of the GDPR (General Data Protection Regulation), the new law recently implemented across the European Union (EU) with the intention to give end-users the right to better control their personal data. The new regulations implemented on May 25th, 2018 were intended to put in place strict data protections and rules for companies that host or process data in Europe and potentially across the globe. The regulations and compliance can be a little confusing so we have broken down a few key points of the GDPR.

Why is GDPR important?

The GDPR is important to individuals and companies alike because the rules are strict and far reaching. With companies world wide collecting ever more data and with increasing sophistication, it is important for end-users to be vigilant regarding their own data and not assume companies will not use their data for their own personal gain.

It has become common practice to harvest data and sell that data to other businesses willing to pay for it. For example, here in the US, Facebook sold data to Cambridge Analytica in 2015 leading up to the Presidential elections. This data was used to display specific advertisements to targeted individuals, without specific consent to have their data used in that way. Without similar protections, once your data is in the hands of large corporations, there is no telling how it will be used and no recourse.

How will GDPR affect me?

The new regulations will afford end-users to more explicitly informed as to how their data will be used. Also, the GDPR allows end-users to request for their data to be erased or removed at any time and for any reason. In other words, users in the EU, now have the right to be forgotten by any firm they choose to evoke that right upon.

What does GDPR compliance look like for US professional service firms?

While the GDPR is currently in effect in the EU, some people believe that similar regulations could be passed here in the US. For this reason, some professional service firms have implemented and are complying fully with the GDPR, even if they do not work directly with customers in the EU.

If you have any questions on the GDPR, please email me at sdine@thinkcatalyst.co.