Impacts of GDPR for people outside EU
The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe’s data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it applies to any organizations outside of Europe that handle the personal data of EU citizens. This includes the development of applications that are intended to process the personal information of EU citizens.
Under the GDPR, companies have to switch from an opt-out approach to an opt-in approach. That is, rather than giving users an option to opt out of having their data collected and stored, users must give their permission before their data is collected and used. This applies to newsletters and other platforms where their data may be collected. It’s important to note that under the GDPR, both processors and controllers are accountable for the handling of EU citizens’ data (a processor processes data on behalf of another company, which is the controller). All companies that fall under either category must comply with all GDPR requirements. That is why it is essential even for non-EU companies to understand and prepare for this.
For companies outside the EU, it will be necessary to audit the data the company handles. Finding out what data they hold, where it is stored and why it was collected will be essential to determining how long the information must be kept and the processes used to delete it.