You've probably heard of the General Data Protection Regulation (that is, unless you've been under a rock the last month). The GDPR is a law governing data privacy in the European Union that will be implemented on May 25th. If you're online as often as I am, you've been bombarded with chatter declaring the end of the world not rivaled since the Y2K scare. Everyone who has something to gain from your fear is trying to capitalize on it. Charlatans, since the beginning of commerce, have been preying on the public's fear of change. I'm here to tell you that there is nothing to worry about.
The GDPR is merely an updated version of a law that was passed in the nineties and became outdated. The previous law, Data Protection Directive, did not account for the recent boom in AdTech (advertising technology). Have you ever visited a website, then have ads from that site appear on every site you visit for the next month? I have, and I bet you have too. That's the result of AdTech. It's the sale of your personal information and habits to people who want to sell you junk. Adam Kleinberg, in an article entitled Why Ad Tech is the Worst Thing That Ever Happened to Advertising, makes the case that this kind of marketing is intrusive, annoying, and not very effective. I agree.
What's The Big Change with GDPR Then?
The primary way the GDPR will differ from the already-existing DPD is quite simple. The definition of personal data and the penalty of violation will be uniform throughout the EU. Previously, each country would interpret these locally. Also, companies cannot sell the personal data of EU citizens without express consent. I don't have a problem with that. Do you?! Companies will additionally be required to announce data breaches within 72 hours. Remember when it took Equifax three months to let us know all the hackers of the world had our personal info? Yeah. I do too. This fixes that with a €20 million penalty. The GDPR also joins the responsibility of the websites, data storage companies, and all who are involved in storing personal data of EU citizens.
The bottom line is, unless you are selling your customers' private information for profit, you will not be negatively affected. You will only benefit. The greatest effect of the GDPR is that it will be most cost-effective for companies to extend these procedures to their customers outside the EU as well. Let's chalk this up as a win for the individual and a little extra work for the billionaire class.