Through the General Data Protection Regulation (GDPR) that comes into effect across the European Union on May 25, the European Union is preparing to enforce a sweeping new data protection law that gives consumers much more control over how their personal details are used. Companies are scrambling to comply.
Going forward, companies that sell goods and services to people in Europe will be impacted, as well as organizations that monitor people’s online behavior, for example by tracking browsing histories.The GDPR rules mean Silicon Valley has to change some of its business practices. Facebook, for example, has tens of million users in the European Union. So does Google.
Under the new law, companies will have to obtain an individual’s consent in order to store and process personal data. Requests must be clear and written in plain language. Regulators say the new rules are necessary to protect consumers in an era of multiple cyberattacks and data leaks, highlighted by Facebook’s admission that the personal details of millions of its users were abused.
Companies are also required to tell authorities about any data security breach within 72 hours of discovering it — a rule that should eliminate big gaps between the business finding out and customers being informed.