What Does GDPR Mean? When Does It Start? New Privacy Laws Explained

A new law set to go into effect on Friday has shaken up business in the European Union and, by extension, the United States. Email inboxes on both continents have filled with new privacy policies and terms of service over the past couple of weeks as companies anticipate the new General Data Protection Regulation, or GDPR.

The European Parliament adopted the law in 2014, with a two-year grace period starting May 24, 2016. The grace period was meant to allow companies to prepare for GDPR to go into effect.

What Is the GDPR?

The new GDPR law is meant to protect consumers who give companies in Europe their personal data. It is meant to prevent companies from using that data incorrectly or in a way users hadn't consented to.

The law also gives users far more control over their own data. Under GDPR, users can ask a company for all the data that company has on them, and, if they wish, for the company to delete that data as well. Under the "right to be forgotten" rule, users now have to ask companies to delete the data collected on them personally.

What Does GDPR Mean for Technology Users in the United States?

Users in the United States will benefit from changes companies that operate in the EU made to comply with the new law. Many companies have made changes to their privacy policies across all continents; the difference is that users in the U.S. aren't protected legally by GDPR, because it's a European Union law.

Which Companies Will It Impact?

The new law could be difficult for some companies to comply with. Most companies have never needed to turn over data they'd collected to a single user, or delete it. Under the new law, companies will need to do this for users who request it. Smaller companies could struggle to do so, especially if many users request it at once.

What Do Those New Privacy Policy Emails Say?

The full GDPR text is available here.