What Is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR, since 2018) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don’t specifically market goods or services to EU residents.
The GDPR mandates that EU visitors be given a number of data disclosures. The site must also take steps to facilitate such EU consumer rights as a timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.
Customer-Service Requirements of the GDPR
Under the rules, visitors must be notified of data the site collects from them and explicitly consent to that information-gathering, by clicking on an Agree button or other action.[1] (This requirement largely explains the ubiquitous presence of disclosures that sites collect “cookies”—small files that hold personal information such as site settings and preferences.)
Sites must also notify visitors in a timely way if any of their personal data held by the site is breached.[2] These EU requirements may be more stringent than those required in the jurisdiction in which the site is located.