A Quick Explanation of GDPR

Today (Friday, May 25th) is the first day that the new General Data Protection Regulation (GDPR) is in effect. This is a new set of regulations covering the collection and use of personal data for all European Union (EU) citizens.

The GDPR has set off a chain of events as companies struggle to change their policies and practices around their use of data.  One result is a massive number of emails in your inbox with subjects like "We've updated our terms of service" or "Do you still want to hear from me?"

Some companies have gone so far as to block the use of their services by EU citizens, while a few have simply closed up shop completely. This is due to the rather hefty fines related to violations. Companies can be fined up to €20 million or 4% of their global annual sales, whichever is bigger. Despite the struggles that businesses face, the idea behind GDPR is a good one. It provides three basic rights to individuals:

  • The right to request that a company delete any data it has collected about you.
  • The right to be notified if collected data has been compromised or breached.
  • A requirement to destroy data that is no longer being used.

Many companies that don't have a presence in Europe are still rushing to address these requirements because the GDPR applies to any organization that has data from any EU citizen. So, for instance, if a visiting Italian provides her email address to a local retail store in Dallas, that store is subject to the same requirements as Amazon or Facebook.

There is still a lot of uncertainty around how strictly these regulations will be enforced, and it will be interesting to watch in the coming months. For marketers, there is even greater uncertainty around whether or not email list subscribers need to opt in again, which is why we are seeing so many of the "Do you still want these emails?" messages in our inboxes.