Maybe you’ve heard someone mention GDPR in passing, but were too embarrassed to ask what those letters actually stood for. Or maybe your friend posted something online about what GDPR means for online data protection. At the very least, you’ve probably received a few dozen emails from various companies about how their updated privacy policies comply with the new law.
But if you’re wondering what this thing actually is, you’re not alone. Public interest in the looming regulations has risen steadily over the past few months. Now that it’s finally arrived, here’s what you need to know about GDPR, and how you can make these new internet rules work for you.
General Data Protection Regulation is a new set of rules and regulations for how internet companies should behave in Europe. It focuses mainly on data and privacy protection. The law became official in 2016 with a two-year period for companies to comply. Now, as of Friday, May 25, that deadline has arrived.
GDPR was developed by the European Union, so it legally only applies to EU member countries. However, its impact will still be felt around the world. After all, almost all of the biggest tech giants have millions of customers in Europe.
The biggest change (and one you may have already noticed) is that tech companies need to reveal the user data they collect. European residents will be allowed to request access to that data, find out how it’s being used, and demand that companies either delete or correct it where possible. Thanks to GDPR, companies will also need to reveal any sort of data breach within 72 hours.
To enforce these laws, EU regulators can fine companies that don’t comply by up to four percent of their global revenue. That may not sound like a lot, but for a company like Amazon it comes to just over $7 billion.
The short answer is: probably not. Despite that two-year runway, about 60 percent of companies aren’t ready for GDPR. On top of that, the law is extremely complicated, especially when it comes to the way personal data is defined. So it’s possible some companies will never be able to fully comply.
Don’t expect to see a bunch of tech giants and startups get fined immediately, though. EU regulators are expected to use the first few years to figure out exactly how to enforce GDPR. So it could be a year or two before the crackdowns really begin.
In the meantime there’s plenty you can do to take advantage of GDPR—even if you’re not an EU resident.
Thanks to GDPR, companies are rolling out new services designed to reveal exactly what they know about you. You can already request your data from Facebook, Google, Apple, Instagram, and Microsoft. If you’re not in Europe, you won’t have as much control over how that information gets used, but it’s still useful (and interesting) to see exactly what these tech giants know about you.
Some companies are also adding new privacy features that are worth checking out. Facebook has an updated Privacy Checkup buried deep in its website. Twitter’s also introduced a new “Your Twitter data” option in the settings menu that reveals how it targets you with different ads based on your interests.
At the very least, those GDPR emails clogging your inbox are a useful reminder of all the websites and apps you signed up for years ago and then forgot about. Use Europe’s new privacy law as an opportunity to shore up your online privacy by cancelling the services you no longer use.