1. What is the GDPR?
The headlong push by European and American companies to collect and mine consumer data can be compared to the 19th century Alaskan gold rush. Drawing upon a different historical metaphor, Doug Fisher, an Intel executive, predicted that data would be to the 21st century what oil was to the 20th century, an engine for corporate growth, with one significant difference—"oil is definite while data is renewable." Databases are key corporate assets, particularly in technology companies, and an up-to-date, growing database can lead directly to an increase in sales. When the data being collected and processed is about individuals who may not be aware that personal information has been collected and is being used, serious privacy concerns accompany this growth.
In response to these concerns, the European Union (EU) has adopted sweeping new rules governing the processing of personal data concerning natural persons, which become effective on May 25, 2018. EU Regulation 2016/679, the General Data Protection Regulation (GDPR), was enacted to respond to a perceived need for privacy law change in the face of dynamic developments in personal data processing technologies. The GDPR will apply in all 27 member states of the EU. EU companies, as well as non-EU companies who offer goods or services in the European market, will feel its effects. U.S. companies need to understand the GDPR and the ways it will change how they handle personal data.