General Data Protection Regulation (GDPR)

As the internet becomes a staple for commercial transactions, the world is growing more concerned about the safety of personal information. Many states allow web users to register their car or renew their driver’s license online, but require them to supply additional personal information. You begin to wonder: what are companies doing to protect your information? What happens if there's a data breach and your information is compromised? You look into various companies, and note that they are in compliance with GDPR.

The General Data Protection Regulation (GDPR) is a regulation designed to protect the data of individuals and companies within the European Union. As you look through the guidelines, you'll see that the GDPR is intended to cover all companies that deal with EU citizens' data. Now you know that, if a company like Amazon has customers in the EU, then it must follow the guidelines set by the GDPR. (Online retailers like Amazon are not the only companies that must comply with these regulations; other companies include banks, insurance companies, and other financial companies.)

The GDPR was adopted in April of 2016, and it added to other EU policies to protect citizens' data. Some of these new rules may require companies to pseudonymize personally identifiable information (PII) so that the data collected cannot be traced back to a specific person. Pseudonymization is the process of replacing identifying information such as name, address, etc. with artificial information...in the same way that an author might use a pseudonym to hide her identity. This helps protect the citizen’s information from being compromised. Amazon, for example, gathers data to see which products are popular or best sellers, and it does not need your personal information for that. They can fill in information like "John Doe" as your name, or even "Customer 1234." All they need to use for data collection is the marketing information, not your personal stuff.
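
A short sketch of the pseudonymization described above, added here as an illustration and not taken from the original article or from any company it names. The keyed-hash approach, the field names and the sample orders are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample orders: every name, address and product is made up.
ORDERS = [
    {"name": "Alice Martin", "address": "12 Rue Verte, Lyon", "product": "kettle"},
    {"name": "Bob Keller", "address": "4 Hafenweg, Kiel", "product": "kettle"},
    {"name": "alice martin ", "address": "12 rue verte, lyon", "product": "toaster"},
    {"name": "Chloe Rossi", "address": "9 Via Roma, Pisa", "product": "kettle"},
]
IDENTIFYING_FIELDS = ("name", "address")  # assumed set of direct identifiers

def pseudonym(key: bytes, record: dict) -> str:
    """Map a person's identifying fields to a stable, artificial label."""
    # Normalise so the same person always yields the same label.
    material = "\x1f".join(record[f].strip().lower() for f in IDENTIFYING_FIELDS)
    # Keyed hash: names are guessable, so an unkeyed hash could be reversed
    # by hashing a list of candidate names and comparing.
    digest = hmac.new(key, material.encode("utf-8"), hashlib.sha256).hexdigest()
    return "Customer " + digest[:12]

def pseudonymize(key: bytes, records: list) -> list:
    """Return copies of the records with identifying fields replaced."""
    result = []
    for record in records:
        clean = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
        clean["customer"] = pseudonym(key, record)
        result.append(clean)
    return result

def best_sellers(records: list) -> list:
    """Product popularity, computed without any personal information."""
    return Counter(r["product"] for r in records).most_common()

if __name__ == "__main__":
    # The key must be stored apart from the dataset (e.g. in a secrets
    # manager); whoever holds both can link labels back to people.
    key = secrets.token_bytes(32)
    for row in pseudonymize(key, ORDERS):
        print(row)
    print(best_sellers(pseudonymize(key, ORDERS)))
```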

GDPR covers areas such as the financial sector, human resources, and even information technology, where it protects the IP addresses of internet users. While companies need specific data to report for statistics, market research, etc., the GDPR builds on the idea that the individual can be forgotten and become...just a number. While this still allows companies to collect data, it prevents individuals from being profiled or targeted by those companies.

One criticism is that many companies may have to change their business structure to ensure compliance with the GDPR. Costs and investments in this regulation may increase, and education and training in data protection will increase as well. You can rest easy knowing there is someone out there intent on protecting your personal information.

Hopefully. We think. Maybe.
