Maybe you’ve heard someone mention GDPR in passing, but were too embarrassed to ask what those letters actually stood for. Or maybe your friend posted something online about what GDPR means for online data protection. At the very least, you’ve probably received a few dozen emails from various companies about how their updated their privacy policies comply with the new law.
But if you’re wondering what this thing actually is you’re not alone. Public interest in the looming regulations has risen steadily over the past few months. Now that it’s finally arrived, here’s what you need to know about GDPR, and how you can make these new internet rules work for you.
So what is it?
General Data Protection Regulation is a new set of rules and regulations for how internet companies should behave in Europe. It focuses mainly on data and privacy protection. The law became official in 2016 with a two-year period for companies to comply. As of May 25, that deadline has passed.
GDPR was developed by the European Union, so it legally only applies to EU member countries. However, its impact will still be felt around the world. After all, almost all of the biggest tech giants have millions of customers in Europe.
Facebook knows way too much about all of us, but it's not the only company hoarding everyone's private data. Google knows just as much about us as Facebook (if not more), and that should trouble you, even if that data hasn't been used as recklessly - at least, not that we know of.Read more
The biggest change (and one you may have already noticed) is that tech companies need to reveal the user data they collect. European residents will be allowed to request access to that data, find out how it’s being used and demand that companies either delete or correct it where possible. Thanks to GDPR, companies will also need to reveal any sort of data breach within 72 hours.
To enforce these laws, EU regulators can fine companies that don’t comply by up to four per cent of their global revenue. That may not sound like a lot, but for a company like Amazon it comes to just over $US7 ($9) billion.
The big new European data-privacy law known as the General Data Protection Regulation (GDPR) is here and it's ushered in a host of changes to the way companies treat your personal information.Read more
Does the deadline actually matter?
The short answer is: probably not. Despite that two-year runway, about 60 per cent of companies aren’t ready for GDPR. On top of that, the law is extremely complicated, especially when it comes to the way personal data is defined. So it’s possible some companies will never be able to fully comply.
Don’t expect to see a bunch of tech giants and startups get fined immediately, though. EU regulators are expected to use the first few years to figure out exactly how to enforce GDPR. So it could be a year or two before the crackdowns really begin.
What the new law means for you
In the meantime there’s plenty you can do to take advantage of GDPR — even if you’re not an EU resident.
If you’re not in Europe, you won’t have as much control over how that information gets used, but it’s still useful (and interesting) to see exactly what these tech giants know about you.
All the cool services are getting data dumps - that little link you click somewhere in a settings menu that triggers the service to send you all the data it collects from you (and everything you've used it to do, theoretically).Read more
Some companies are also adding new privacy features that are worth checking out. Facebook has an updated Privacy Checkup buried deep in its website. Twitter’s also introduced a new “Your Twitter data” option in the settings menu that reveals how it targets you with different ads based on your interests.
Keep an eye out for website pop-ups and banner ads as well, since some companies are using those to break the news instead.
At the very least, those GDPR emails clogging your inbox are a useful reminder of all the websites and apps you signed up for years ago and then forgot about. Use Europe’s new privacy law as an opportunity to shore up your online privacy by cancelling the services you no longer use.