By Rojan Sthapit

General Data Protection Regulation, also known as GDPR, is the new law brought about by the European Union for protecting user data and information. It is a legal framework that sets guidelines for the collection and processing of personal information. This is the solution brought by the EU against the growing concerns of users over attacks on their personal data.

In current years threat to user’s data and personal information has increased. Data from companies such as Facebook and Google has been misused. Recently, the Cambridge Analytica scandal came out which shed light on the personal data of 87 million Facebook users being misused.

In this growing age of technology, almost all of us have a virtual life on the internet. We share our personal information on the internet without any hesitation. With most of the equipment in our households like thermostats, security cameras, smartphones, baby monitors, etc, connected to the internet, companies have easy access to their user’s data more than ever before. And it seems that companies are willing to use that data for making profits.

Regarding this issue, GDPR is the solution brought by the European Union. This was first drafted on May 24, 2016, but companies were given two years of time to implement them. As of May 25, 2018, the law has been implemented. This law will give the residents of the EU more control over their personal data. It basically gives citizens of the EU more say about what and how their data is being used by companies. Under GDPR, users can decide what information is allowed for the companies to keep. The companies are not allowed to share any of the user data without their approval.

Furthermore, EU resident users can now request companies to erase or modify their data information. And companies have to respond to those requests within 30 days. Companies operating in the EU have to comply with these new laws or else they can be fined.

If a company fails to comply with these laws and regulations, they can be fined up to 4% of their global revenue or 20 million euros, whichever is higher. This will mainly affect large companies such as Google, Facebook, and Amazon. For example, if Amazon was to be sued and found to have violated GDPR, it could be fined over 7 billion dollars. So companies have to take this new law seriously.

Although GDPR is implemented in only the EU for now, companies are updating their privacy policies for all of its users. But residents outside of the EU cannot sue companies for going against GDPR. For now, users outside the EU are entitled to these privacy policy updates as long as companies provide them with it. In the last few months, many companies have updated their privacy policies to comply with the new rules and regulations of the GDPR. You can see its example in your mail where many companies have sent mail regarding the updated policies and terms of services.

So, is this new law really the answer the users have been waiting for? In some ways, yes. This gives users more control over their personal data and information and prohibits companies to misuse their user’s information. This law also means that the companies will now focus more on data privacy. On-the-other-hand, this is a new law and will take some time for all the companies to update their policies. The law, in general, is very complex. But this is the step in the right direction.