GDPR Primer


The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for all residents of the European Union (EU) and the European Economic Area (EEA). Among the key features are:

Clear Language
Before: Privacy policies in lengthy, complicated terms.
Now:    Privacy policies must be in clear, straightforward language.

Consent From User
Before: Silence means consent, or consent is hidden behind obtuse legalese.
Now:    Silence or obfuscation means no consent.

Transparency
Before: Data is used for purposes the user never permitted (e.g. sign-ups sold to marketers).
Now:    Users must agree to any and all reuse of data, even in algorithms.

Stronger Rights
Before: Users are not told when data is pilfered; they cannot transfer, get a copy of or delete their data.
Now:    Users must be notified; users can transfer, download and delete their data.

Stronger Enforcement
Before: EU authorities have limited means, coordination and sanctions.
Now:    New European Data Protection Board and fines up to €20M or 4% of turnover.

Notes