The GDPR is the initial of "General Regulation for Data Protection" and designates the last European directive concerning personal data, published in 2016 and which is in application since May 2018. It provides for: strengthened obligations to protect data held by companies, devices relating to the expression of consent to collection and the development of the concept of portability.

Some concrete examples are:

The pre-cleared boxes will no longer be accepted to validate a consent

The consent of the children of less than 16 years will not be accepted any more

No consent can be of an indefinite duration, it is always possible to go back on its decision

The possibility of asking to erase your data at a supplier as well as all its affiliated partners (don't worry, you just have to do it at the supplier, who will validate the deletion of your information at its partners).

Here are some new features for your data:

Transparency: You will now have to be clear about all the data collected

Data portability: you could recover your data from Facebook and transfer them to Linkedin for example

The right of opposition: The possibility to oppose to profiling, or to direct marketing purposes.

It would be important to always keep a register of data and especially what we do with it (Yes more work for the agencies)

Increase the responsibilities of the subcontractors: because new security standards must be put in place: In case of hacking you must inform all stakeholders of the data collection, first: the supervisory authority, the person responsible for the treatment and the final consumer

In addition, in case of hacking, you must inform all stakeholders of the data capture, in the following order:

1. The control authority
2. The person in charge of the treatment
3. The final consumer

All this will give birth to a job that some people qualify as a job of the future which is the "Data Privacy Officer" who must be recruited for a minimum of 2 years for any processing of a multitude of data.

How can we be sure that we respect all this?

New certifications are now possible with the release of this new law including ISO 27001, be careful because the fine can go up to 10 million euros, or 4% of your annual global revenue.

This also applies to non-European companies that collect user data in Europe

Any security breach must be reported within 72 hours, this does not only apply to companies but also to bloggers, small businesses, and entrepreneurs

You should not be afraid of all this, but simply be ethical with your lists. I personally recommend following these few rules every time:

Highlight the "I agree to receive emails from ...."

Put the text "This site uses cookies for a better experience ...."

Put all the details of the tools used for your analytics data, even the external providers

Document all data deletions in your database

Don "t think that a checkbox will decrease your subscription rate, again stay ethical, your lists will keep growing.

And last but not least, don "t do it just for European users, but like us be GDPR all over the world.

Your subscribers or users around the world want to be treated well

Of course, check all this with your lawyer

More information on the CNIL website here