Short for General Data Protection Regulation, this EU data protection directive goes into effect on May 25th, 2018 and has been cited as the most important change in data privacy regulation in 20 years.
Approved by the EU Parliament on April 14th of 2016, GDPR actually replaces the EU Data Protection Directive of 1980 (throwback) which aimed to protect personal data and the fundamental human right of privacy for citizens of the EU.
The updated principles of GDPR endorsed by both the EU and the US as it relates to processing, using or exchanging such data include:
Lawfulness, Fairness, and Transparency
Personal data processing activities should be communicated to data subjects in an open and honest manner.
Data Quality and Accuracy
Personal data being processed should be accurate, complete, and kept up-to-date.
Purpose Limitation
Collecting and processing personal data should be done so for the specified purpose only.
Data Minimization and Proportionality
Only personal data that is relevant and for a necessary purpose should be processed.
Storage Limitation
Only personal data that is relevant and for a necessary purpose should be retained.
Integrity and Confidentiality
Personal data must be secure.
Accountability
Personal data must be processed responsibly and demonstrate compliance with EU and member state data protection laws.
GDPR applies to companies which operate in the EU but isn’t limited in scope to such companies. GDPR actually applies to any company handling personal data of EU data subjects, regardless of the location of such company.
The tentacles of GDPR are essentially extended globally to capture any website which stores information obtained from any EU site visitor, which, as you can imagine, probably includes every large website around the world. Whether you’re a European company, a North American Company, or a Japanese company, if you collect and process information of EU data subjects, you are subject to compliance with the provisions of GDPR.
For more on the interesting concepts and changes to the privacy and data protection regime as well as the implications GDPR has on personalization programs, check out this in-depth break down.
