The European Union’s General Data Protection Regulation (GDPR) was brought into full effect on May 25, 2018.The new data protection rules clarify individual rights to the personal data collected by companies around the world for targeted advertising and other purposes.
1. The GDPR sets new rules for how companies manage and share personal data.
2. Though the rules apply only to the citizens of the European Union, the global nature of the internet means that nearly every online service will be affected.
3. While the regulation largely builds on the rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, it expands on those measures in two crucial ways:-
– The GDPR sets a higher bar for obtaining personal data on the internet, higher than ever seen before.
– The companies will have to clarify how long they retain data.
– So, any time a company will want to collect personal data of an EU citizen, it will require explicit and informed consent from the concerned person. The rule explicitly extends to companies based outside the EU.
Not much is expected to change for the user. The companies will continue to collect and analyse the personal data of users from phone, apps and sites visited by them. The companies would also be required to give the EU users the ability to access and delete data and to object to any particular data use.
The new rules will apply to all users in the European Union, regardless of where the companies collecting, analysing and using their data are located. Further, the companies based in the EU will have to offer the privacy protection rules to all their users, not just EU residents.