EU’s General Data Protection Regulation in Effect

May 29, 2018 Last Updated: May 29, 2018

On May 25, the General Data Protection Regulation (GDPR) went into effect in the European Union. This essentially is giving better privacy protection to Internet users in the EU. The main points of the act are: All companies must inform individuals of what data they collect, what their purpose for collecting it is, how long the company will keep it, and if the company is sharing it with any third parties. Users can also request copies of the collected data, as well as request the collected data be erased in certain situations.

So how does this affect people locally? For individual American consumers, there may be emails from companies informing them of updates to the company privacy policy. This may be advantageous to some American users, since they are now given a higher level of privacy and security for their online identity. This isn’t required of the companies in America, yet some are voluntarily opting to do so. Though there currently is no regulation like GDPR, other forms of protection already exist, like HIPAA (Health Insurance Portability and Accountability Act) and financial privacy laws.

Some businesses may be concerned about GDPR though. Since much modern advertising has been based upon targeting individuals from collected data, some argue that this is undermining their business practice. A response to this is that GDPR does not eliminate data collection, but rather encourages business to be creative with how they sell to individuals and to regard an individual’s privacy more as part of the business model, rather than just a policy stated on a website. With adaptive moves in business planning, GDPR won’t necessarily be a constraint on businesses.