What Does GDPR Mean? When Does It Start? New Privacy Laws Explained

By Nina Godlewski On 5/25/18 at 9:12 AM EDT

A new law set to go into effect on Friday has shaken up business in the European Union and, by extension, the United States. Email inboxes on both continents have filled with new privacy policies and terms of service over the past couple of weeks as companies anticipate the new General Data Protection Regulation, or GDPR.

The European Parliament adopted the law in 2014, with a two-year grace period starting May 24, 2016. The grace period was meant to allow companies to prepare for GDPR to go into effect.

What Is the GDPR?

The new GDPR law is meant to protect consumers who give companies in Europe their personal data. It is meant to prevent companies from using that data incorrectly or in a way users hadn't consented to.

The law also gives users far more control over their own data. Under GDPR, users can ask a company for all the data that company has on them, and, if they wish, for the company to delete that data as well. Under the "right to be forgotten" rule, users now have to ask companies to delete the data collected on them personally.

What Does GDPR Mean for Technology Users in the United States?

Users in the United States will benefit from changes companies that operate in the EU made to comply with the new law. Many companies have made changes to their privacy policies across all continents; the difference is that users in the U.S. aren't protected legally by GDPR, because it's a European Union law.

Which Companies Will It Impact?

Any company, big or small, that operates in the EU and collects user data must comply with the new law. Companies that rely on data collection are more likely to face lawsuits for not complying, especially in the early days of the law.

The new law could be difficult for some companies to comply with. Most companies have never needed to turn over data they'd collected to a single user, or delete it. Under the new law, companies will need to do this for users who request it. Smaller companies could struggle to do so, especially if many users request it at once.

What Do Those New Privacy Policy Emails Say?

The emails consumers have been receiving for weeks mostly detail the changes companies are making to be GDPR-compliant. Companies are trying to lay out the ways they're complying with the new law so they can be as transparent as possible with their users. Many larger companies, like Facebook, have made changes for users worldwide when it comes to their data. Facebook even wrote a blog post announcing the new features that were added to the site, allowing users to control the ads they see as well as their data.

The full GDPR text is available here.