Ahead of the law taking effect Friday, consumers also complained about a number of bureaucratic challenges, such as an influx of consent-seeking emails from companies trying to distribute their newsletters or doctors making their patients sign pages-long forms about how to store their data. No charge can be made for releasing this data (the first time you ask for it - a company can make an admin charge if you ask again later). "And being more accessible and transparent with the users", he explained. Mark Thompson, the global lead of privacy advisory at KPMG believes that "companies must be prepared to find out that just because I buy their insurance doesn't mean I want to hear from them more". And that means they get better protection.
The GDPR protects "personal data", which here means "any information relating to an identified or identifiable natural person"-and that's a pretty broad definition". Instead of separate rules in separate nations across Europe, there's now a single set for the entire EU.
- One worker was told that if your business provides a guest wifi, all connections must be recorded - as well as what the guests are viewing on the internet.
Companies have to use plain language to explain how they collect and use data.
You may have noticed your inbox being inundated with emails from companies asking you to review their privacy policies, or asking you to re-subscribe to their mailing lists.
You can now make a claim against the data processor, as well as the data controller, but can only win once from one. For other uses, such as ad targeting, companies can seek your consent. "IBM has been helping our customers to be ready for GDPR, and beyond that, we are calling on the entire tech industry to adhere to principles of ensuring all AI systems are secure, transparent and keep data private".More news: NY judge orders son to vacate house after parents' lawsuit
More news: AP learns Kushner now has a permanent security clearance
More news: Profit before tax at Marks and Spencer plummets 62.1%
There's also a somewhat vague category called "legitimate interests". Such "spammers" could face fines and enforcement action - but would have already been in breach of European Union law (and specifically the e-Privacy Directive) before the new data protection rules kicked in.
The rules also ease things for worldwide businesses in the European Union, because data regulations are now uniform across the economic zone. Ailidh Callander of the London-based group Privacy International says many questions will be tested in courts and further rulemaking.
In the wake of a series of data sharing scandals in the online world, many businesses here will also have to change the way they operate as a result of GDPR rules.
Some companies are extending at least some EU-style protections to all users. The new law changes the way companies are allowed to use your data and communicate with you. "In the end, you should be able to use Facebook without worrying 24/7 about your data", he added.