The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union, and it regulates how companies manage, use, and share personal data. The GDPR will take effect on May 25, 2018. The GDPR applies to natural persons, whatever their nationality or place of residence, whose personal data is processed and whose behavior is monitored while within the EU. This change in legislation means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies begin to adapt.

The foundation of the GDPR builds on rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, and expands on these privacy measures in two critical ways.

1. The definition of and requirements around personal data have been expanded.

First, the GDPR defines personal data as any information that can be used to directly or indirectly identify a data subject, such as an online identifier like an IP address. The GDPR sets a higher standard for collecting personal data than ever before. By default, any time a company obtains personal data on an EU resident, it will need a legal basis for collecting that data, such as explicit and informed consent from that person. Even more importantly, users also need a way to revoke that consent, and they can request all the data a company has collected on them as a way to verify that consent. These strong regulations explicitly extend to companies based outside the EU.

Get the full story at HEBS Digital