You may have heard of the GDPR: it’s sweeping the news and is drawing attention to internet privacy policies all over the world.  An acronym for General Data Protection Regulation, the GDPR is a European Union law meant to protect the personal data of residents all over the continent.  Giving individuals the right to privacy, here’s what you need to know about the GDPR.

What You Need to Know About the GDPR

Limited to the EU, the GDPR is comprised of ninety-nine articles implemented to protect personal information from cyberattacks and from being traced, shared, and sold to third party organizations.  Focused on individual privacy, stricter data protection, the right to be forgotten, and more, this regulation is having a huge impact.

Before the GDPR, people were unknowingly having their personal data tracked, taken, and pawned off by various individuals and businesses.  As a result, hackers could maliciously acquire personal data and legitimate corporations could pursue laser-targeted marketing opportunities.  Now, all European residents -including people temporarily living in Europe- must be explicitly asked permission if a company wants to collect their data.  Here’s what is considered protected personal data under the GDPR.

  • Biometry
  • GPS location
  • Social media posts
  • Mailing and IP addresses
  • Electronic medical records

And, any other information that can be used to identify you.


The GDPR is the largest change in data protection in history.  There are various consequences put in place based on suspicion and level of violation, from basic investigations and audits to hefty fines and permanent bans on data processing.  Ultimately though, under any suspicion or violation, the DPA (Data Protection Authorities) has the authority to choose and execute all repercussions against regulation offenders.

How Businesses are Impacted by the GDPR

While the GDPR is still in its early phase, it is already clear that this new law is not faring well with businesses.  Already, multinational corporations such as Facebook, Google, and Amazon have spent millions of dollars to reconfigure their methods to be consistent with European requirements.

While larger businesses have the financial stability to manage and protect data, smaller companies often do not.  Affordability is a huge factor, and that’s why many predict small businesses will struggle to structure new data management and security systems.  The EU has recognized the hardship and has offered financial assistance to help companies abide by the strict provisions.  The support has come as a great comfort to small businesses, but many still face financial toil.

In addition to monetary set-backs, the GDPR also places marketing capabilities at risk.  Over the past few years, many individuals have expressed their distrust for the internet, and this wariness is trending.  Ad-blockers have been increasing at a 12% annual rate which has impacted the ability to trace user interests.  Data tracking is one tactic marketers use to evaluate buyer tendencies and target audiences.  So, with consumers protected by the GDPR and using ad-blockers, businesses in Europe may struggle to market effectively.

How the GDPR is Affecting the United States

The GDPR is affecting much more than multinational American businesses.  Since implemented this past May, there has been uproar about protecting personal data.  Many Americans are in favor of personal privacy, and California has taken a stand.

Putting millions of dollars and hundreds of thousands of signatures into the proposal, California residents will be impacted by the California Consumer Privacy Act  starting January 1, 2020.  The California law is not a carbon-copy of the GDPR, although it incorporates many of the same protections.

Here are the five main parts of the California Consumer Privacy Act:

  1. The act will allow companies to collect data on individuals, but not sell it without a person’s permission.
  2. The act will give people the right to know what data is being tracked.
  3. The act will give people the right to access all of their data saved by companies.
  4. The act will allow people to request that their data be deleted at any time.
  5. The act will fine companies who do not adhere to the regulations.

The California Consumer Privacy Act is the largest amendment to privacy rights the U.S. has experienced; and the change will surely be impactful.  In fact, it is expected that many businesses will apply the Act to the entire country, not just California.  This is because separating IP addresses would become too cumbersome for interstate commerce.  In addition, American companies would have the financial obligation of adhering to an individual’s personal data requests.  The clock is now ticking, and only time will tell what’s in store for the United States.

The GDPR is still relatively new, and it’s already making its mark.  This law affects every individual who steps foot on European soil and every business that operates there.  And the enthusiasm for online privacy is spreading.  With multinational and cloud-based organizations mandated to adhere to the regulation, countries all over the world are reevaluating their own laws, including the U.S.A.  Ultimately, what you need to know about the GDPR is simple: it protects personal online data, impacts European and global businesses, and most of all, the GDPR is forging a future that could affect you.

If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.