What Does GDPR Mean? When Does It Start? New Privacy Laws Explained

It's simple to collect that information, so there's no reason for them not to hoard it. So in theory, that could mean that you could call up Microsoft, ask to see what personal information it has about you and maybe ask Microsoft to delete it. "Right now we don't know if there's more or less than there was past year". And those are just the big scandals. "Companies will have to put in "right to be forgotten" request".

The EU has taken a dim view of the situation and is using the GDPR to try and rectify it.

You need to show you take data protection seriously; you could employ a data protection officer (DPO) to advise the business of its obligations, monitor company compliance and oversee staff training and enquiries. But there is no doubting its potential for enhancing our right to privacy and our fundamental right to protection of our personal data.

Data relating to your physical appearance and behaviour such as hair color, race, and height. It will just be easier in the long run to have one set of behaviors for how you treat personal information, instead of trying to have two systems, especially if your business is really worldwide. In certain circumstances, your hair color may be enough.

What Does the GDPR Do?

Most other companies who have said the same thing have also been similarly vague on timing.

The European Union has introduced sweeping new legislation to protect the privacy of its citizens. They can request to access their personal information stored, and if they so desire they can also choose to suspend or freeze processing of their aforementioned personal information. Companies have one month to comply. And users should be told why their data is needed.

The key to the regulation is that companies need to ask customers for their data in a clear and understandable way.

This will enable you to reuse your data - for instance, it could help you get a better energy deal if you upload your usage data to a switching service. It means those processing data must adopt "technical and organisational measures" for security purposes, such as pseudonymization and encryption.

The GDPR overhauls data protection laws in the European Union that predate the rise of the internet and, most importantly, foresees fines of up to 4 percent of global revenues for companies that break the rules.

The new law could be hard for some companies to comply with.

"If in the past you have given your consent to receive marketing emails of a company, then that consent is still valid", said Frederik Borgesius, a privacy researcher at the Free University Brussels. This is why pretty much every service you've ever given your email address to is contacting you. Companies that don't meet the standard face fines of up to €20 million (about USA $23 million, £17.5 million, AU $31 million) or 4% of annual turnover - whichever is higher.

The group NOYB.EU - which stands for "none of your business" - claims its action could force the USA internet giants to pay up to 7 billion euros ($8.2 billion).

The GDPR will sweep away the EU's outdated privacy legislation and harmonise how data is processed and handled across the region. The alert also highlights what data is used by advertisers and apps, has an option to turn off face recognition (it will not be turned on if it was already off), and ends with a prompt to read and accept the new terms of use and data policy. While companies generally aren't changing what they're doing, they are revising privacy policies to eliminate legalese. What does it mean and how does it affect you?

Which Companies Will It Impact?

The Information Commissioner's Office (ICO) has been granted new powers to act swiftly when people's data has been breached and allow her to hold rogue companies to account. It's been mere days, and the European Center for Digital Rights NOYB is already on Facebook's and Google's cases, who the watchdog claims are abusing the regulation.