GDPR is the European Union’s personal data protection regulations, with sets of guiding principles and personal data rights. These include forward-looking regulations setting the landscape of how personal data gets collected, processed, analyzed, stored, retained, monetized, and accessed by any organization that collects data in the EU. Its goal is the protection of individual privacy.
As the European Commission puts it, “It’s your data—take control” The pillars of GDPR are:
THE RIGHT TO KNOW WHO IS PROCESSING WHAT, AND WHY
THE RIGHT TO ACCESS YOUR DATA
THE RIGHT TO OBJECT
THE RIGHT TO CORRECT YOUR DATA
THE RIGHT TO HAVE DATA DELETED
THE RIGHT TO HAVE DATA FORGOTTEN
THE RIGHT TO HAVE A SAY WHEN DECISIONS ARE AUTOMATED
THE RIGHT TO MOVE YOUR DATA
Consumers will see impacts on the way they interact in almost every aspect of their daily activities and interactions (direct or indirect) on social media, internet communications, ecommerce, retailers, banks, governments, and professional and educational institutions—just to name a few. The biggest impacts GDPR will bring to consumers are consent to provide their personal data, awareness that their data is captured, and the option to opt out from certain data collection techniques and processes.
Various institutions, organizations, and corporations have started implementing compliance processes (email notifications, cookies acknowledgements, form consents, updated terms and conditions, updated marketing opt-ins, consent to remove all previously collected data) to engage consumers in their rights to manage and govern their data. These measures will also provide consumers with transparency in the notifications process of what data is/was/will be collected, as well as an option to opt in/out of retaining any previously provided personal data – emails, phone numbers, addresses, etc.
Consumers engaged with online retail and ecommerce activities will be faced with changing regulations on their online selling and ecommerce activities. Specifically, there will be regulations on how they collect and manage customer data, whether they are operating their own portals and data collectors or using B2B and B2C ecommerce websites like Alibaba, Amazon, EBay, Shopify, etc. Most importantly, consumers conducting ecommerce across national borders must abide by the GDPR’s Transfers of Personal Data to Third Countries or International Organizations, outlined in Articles 44-50.