What the heck is GDPR?
What is GDPR?
The General Data Protection Regulation (GDPR) is one of the most important pieces of legislation passed by the European Union (EU). It establishes guidelines for how businesses collect and process the data of people within the EU through technology and the internet.
The EU approved the GDPR in April 2016, and it went into effect on May 25 in the United Kingdom. GDPR not only combines several existing laws and regulations, but also replaces the EU’s 1995 Data Protection Directive and the UK’s 1984 Data Protection. Even though GDPR affects every company, it affects technology firms, data brokers, and marketers more.
How Does It Affect Websites (Europe and America)?
In a world dominated by technology, the GDPR functions to protect the privacy rights of users and the content they create and publish online. GDPR will affect large, medium, and small-sized businesses in how they collect, store, and monitor their data.
Before collecting any user data via their website, businesses will need to give users an explicit notice that their personal data is being gathered. Users will have to give these businesses their explicit consent; without it, businesses cannot collect data.
Additionally, businesses will need to inform users in detail how they plan to use their data, and use a process called pseudonymization to secure the identity of users. Personal data can include the user’s name, picture, email address, social media posts, medical details, and IP address.
GDPR’s “right to erasure” gives users the right to know what type of information a business has stored about them and to ask the business to delete that information if they feel it is an invasion of privacy. Under GDPR, businesses need to disclose data breaches to users within 72 hours of knowing about them and allow users to download and save a copy of their own private data.
Do I Need It If My Business is in America Only?
Presently, GDPR is mandatory only for businesses based in the United Kingdom and EU. If you operate your business in the United States, GDPR does not apply to you. However, if the implementation of GDPR is successful, it could provide a framework for other countries, such as the United States, to follow and implement.