The General Data Protection Regulation (GDPR) is the most important change in data protection legislation in the last 20 years. When it is finally activated on May 25, 2018, it will give European citizens control of their own personal data. Its impact will not only be felt in Europe, but will have many implications for companies around the world that store data on the European continent.

What is GDPR?

 GDPR is a new regulation on privacy and security of personal data regulated by the European Commission. The new data protection will implement important changes to Europe's privacy legislation. It will also replace the outdated 1995 data protection rule.

What is the purpose of the new laws?

 They were written to give citizens power over their own data and how it is processed and used.

 According to the new rules, people have the "right to be forgotten." This means that they can ask companies to delete their data that is no longer necessary or correct. The regulations also want to simplify the legal framework.

How will it affect people?

 In addition to the right to be forgotten, the legislation also contains means that give users more rights over their own data.

However, there is a whole gray area about how it will be done in reality. The new laws allow someone, in theory, to request social networks like Facebook to delete their entire profile, however, the process by which people can apply the laws in these types of cases is still unclear.

And although the new laws call for a “right to be forgotten”, freedom of expression laws will ensure that this does not apply to the news. In addition, the user will be able to transfer their data to another service more easily. And this is ideal for consumers because it is now easier to switch between electricity and water providers, insurance companies or Internet providers.

What is the impact on companies?

This new legislation is therefore good for consumers, but will also mean larger fines for cases that do not comply with these laws. This is because data breaches have been occurring with increasing frequency in recent years. But giving consumers control over their data is not that simple.

In addition, figuring out how to securely maintain and use data, as well as effectively delete it, becomes a technical and human resources minefield.

How much will this cost?

The most important change to the legislation is the increase in the fine companies can impose if they fail to comply - up to 4% of their global turnover of 20 million - whichever is greater.

This threat is certainly big enough for many companies to adjust the way they handle data.

What are the possible consequences?

Once GDPR goes live, companies will face more legal challenges from individuals and groups taking charge of the privacy of those citizens. But they may also receive fewer challenges from the individual legislative branches of the countries involved thanks to the "one-stop shop" clause that restricts the legislator to the country where the company is located.