The General Data Protection Regulation becomes law last Friday in the EU, a sweeping regulation that changes how companies handle user data in the EU. They’re now required to disclose what data they are collecting, how long it’s retained and who they are sharing it with. You’ve probably already noticed your inbox being filled with new Privacy Policy‘ updates from various software vendors and developers. (As usual, keep a sharp eye out for phishing scams – don’t just click on everything in your inbox) Larger companies have been preparing and sending out notices for quite some time, but many smaller vendors are scrambling and will have to modify the way that they treat customers in the EU as opposed to the rest of the world. Some sites, software and video games have ceased operating in the EU altogether rather than try to comply with the regulations.

GDPR doesn’t just effect citizens of the EU, but also people and companies outside of the EU that use software or applications from EU countries. On day one a lawsuit has already been filed against Facebook and Google for 7.8 billion dollars. The implications and changes of the GDPR are going to be playing out in the near future, and it is particularly interesting in the context of a global interconnected business environment – made possible by the internet. GDPR probably will not fade into the background and be just another acronym, but continue to generate lawsuits and legal challenges over a whole host of unforeseen but connected entities.

If your business is affected by the new laws, Microsoft has a good collection of resources and guides on compliance with the GDPR.

Leave a Reply

Your email address will not be published. Required fields are marked *