What is the GDPR?
The General Data Protection Regulation, or GDPR, is the now well-known EU law that came into effect in May 2018 with the purpose to create a uniform standard of data protection law in the European Union – and beyond.
It lays down the rules for the protection of natural persons and their right to privacy with regard to the processing and free movement of personal data.
In other words, it rules how companies and organizations are allowed to process the personal data of European citizens.
In a sense, the GDPR is the first uniform, legal step towards shaping an understanding of what data really is – and how we should think about it. Data is not just exhaust that giant ad tech companies can suck up for free, as has been the dominant practice for a decade on the Internet.
On the contrary, the GDPR lays the foundation for a new way of thinking about the data we generate with our online behavior: it ultimately belongs to the user and it is therefore the user who must consent to any collection and processing of it.
GDPR compliance entails respecting user privacy and anonymity.
Even though it is a European law, its purpose is data protection and the protection of the right to privacy for all EU citizens, and so any website in the world who services Europeans and process their personal data is required to achieve GDPR compliance.
In total, the GDPR empowers EU citizens with eight individual rights, including the right not to have one’s personal data collected and processed without prior consent.
GDPR compliance regulates the flow of EU data on the Internet.
