“We’ve updated our privacy policy” said every online service provider, publisher and blogger ever.

Leading up to May 25th, 2018, web users worldwide received a flurry of privacy policy notifications. Even so, many do not know the reasoning behind these changes. Now that we have reached the calm after the storm, here is a brief explanation of GDPR and its implications. By now, most precautionary requirements and recommendations have already been thoroughly explained and therefore will not be covered in this segment.

The event itself can be summarized in one word: chaotic. Although the regulation was announced two years earlier and organizations and individuals were given a grace period to become compliant, everyone was still scrambling to update their policies at the last minute.

What is GDPR?

General Data Protection Regulation, or GDPR for short, is a regulation that aims to protect the data and privacy of EU citizens. It is by far the most impactful change in data privacy regulation within the last decade, and it essentially grants EU citizens more control over their personal data. The primary reason this announcement became every organization’s first priority was the hefty penalties for non-compliance: fines can go as high as €20 million (roughly USD $23 million or CAD $31 million) or 4% of annual global turnover for infringements of articles under the new regulation (there is more GDPR info available here).

Facebook Trouble

Recently, Facebook has been under scrutiny from the US Congress due to data privacy concerns. Mark Zuckerberg testified in front of the US Congress on April 10, 2018 and April 11, 2018. Images of the event will mark history (no pun intended) forever. More recently, in November 2018, Facebook received the maximum fine of £500,000 ($663,000 USD) from the Information Commissioner’s Office for the Cambridge Analytica scandal. This was the largest financial penalty available under the 1998 Data Protection Act. Had this case fallen under GDPR, the penalty would have been much higher. While the amount itself is a drop in the bucket for Facebook, the act of enforcing the fine has demonstrated the severity of non-compliance for all parties involved in processing and storing data.

Key Takeaways

GDPR is an EU regulation. Its introduction has sparked conversation globally regarding data protection and privacy. Other countries will not necessarily mimic the exact framework of GDPR, but they will use it as a reference for modelling their own.

GDPR is only the beginning. Organizations should take data privacy seriously, which means continuing to dedicate effort and resources towards building a strategic, innovative and complete global data program.


Speaking of privacy, here’s another article that may be of interest to you: What is Differential Privacy?