What the GDPR Means for Companies in Europe and Beyond


Those right circumstances will take into consideration that an individual has no further commitments to the company - those of you wanting to get your Credit Card accounts deleted will have no joy we're afraid if you have outstanding debt. Facebook is no exception.

"If you are generally good with data protection, you are probably going to be alright with GDPR ... my concern is the companies that have never even thought about this and now are scrambling", said Richard Merrygold, data protection expert.

The General Data Protection Regulation, which requires companies doing business in Europe to give greater control to European Union citizens with regard to their own data, has meant inboxes flooded with privacy policy updates in the past couple of months. The GDPR is aimed at protecting personal data and empower users to demand that companies have to come clean on personal data that they have or delete it. And on May 23, it announced that it would start showing similar pop-ups to users outside the EU. The Cambridge Analytica scandal, where a researcher used a Facebook quiz to gather huge amounts of data on millions of Facebook users and then sold it to a consulting firm, is only the most recent example.

Three years ago, ahead of Schrems' pivotal court battles with Facebook and before most people even knew what GDPR was, we caught up with Schrems during a visit to Dublin. There are still a few more things we will be implimenting, like to allowing you to download your data, but we think we have got there.

"Anybody that is collecting personal data from European residents - not only citizens - needs to comply with this", Ale Brown, founder of Kirke Management Consulting, said in a phone interview from Vancouver. On Friday, a sweeping new directive goes into effect called the General Data Protection Regulation, or GDPR.

The law widens the definition of what will be considered personal data. However, in most cases firms must also show that they need the personal data for a specific objective. "Companies will have to put in "right to be forgotten" request".

More news: NY parents win legal battle to evict son, 30
More news: Harvey Weinstein Arrested on Charges of Rape in NY
More news: Texas Rangers vs. Kansas City Royals

It covers everything from giving people an opportunity to obtain, correct or remove personal data about themselves, to outlining rules for disclosing security breaches, to providing easily understood privacy policies and terms of service.

Will the new law hurt businesses that rely on data collection? One of the lawful reasons is that they've obtained consent to use it for a specific objective, but there are others like they need it to comply with legal obligations or that collecting it is in the public interest.

"GDPR is an important step forward for privacy rights in Europe and around the world, and we've been enthusiastic supporters of GDPR since it was first proposed in 2012", Julie Brill, corporate vice president and deputy general counsel, Microsoft, wrote in a blog post. "Companies need clarity to be able to safely extend operations across the EU".

Regulators will also look to hit the pocket books: Companies can be fined up to 4 per cent of their global revenue or €20 million, whichever is larger.

Why have some companies asked me to opt-in to emails, and others just offered an unsubscribe option?