On May 25th, the General Data Protection Regulation (GDPR) went into effect. You may have already been bombarded by emails and website popups declaring updates to their Privacy terms and compliance with GDPR.
But, what is GDPR and how does it affect you?
GDPR is a set of standardized regulations that went into effect across Europe. Specifically, the laws affect the 28 countries of the European Union (EU).
So, being a citizen of the U.S., or a non-EU country, what does that mean for you?
First, any company that stores data that may be from one of the EU countries may be bound by these new regulations. So, if you are based in the U.S., but your company has EU offices, your organization will be governed by the GDPR.
Secondly, since more and more of our data is being stored in the Cloud, global companies are complying with these laws, regardless of where they, or their data centers, are located. Much like regulations dealing with financial, health care, government and education sectors, most data storage companies will be GDPR compliant as well.
This means that Microsoft, Google, and other international companies have adopted the GDPR compliance since they deal with data from EU countries. Even though you may not live in, or store data from, a country covered by the GDPR, compliance trickles down to you. You’ll find that most companies are not creating a separate set of services for countries covered by GDPR and those that are not. Instead they are implementing the security features and tools across the board.
For those of us here in the U.S., it means we get the benefits of the extra security provided by this new regulation.
Some of the data protected by the GDPR include:
- Physical attributes
- Location data
- Health information
- Economic, cultural, or social identity of a person
- Any identification number that may be assigned to you
- Online identifiers such as your IP address
For additional information, here are a few resources: