The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, for consumer protection in the European Union. After years of mishandled data, lax security, and new technologies, GDPR now requires businesses to protect the personal data and information of EU citizens. The regulation took years to draft and implement and is a modernization of other outdated policies. This means privacy policies for just about every high-profile business were updated for the May 2018 deadline. While GDPR technically only protects consumers in Europe, many of the consumer privacy and security best practices are now being deployed globally. Many businesses assume similar regulations will continue to develop and advance outside of the EU. But that’s really only a short summary: GDPR is a huge, complex topic and can be difficult to understand. The details are packaged into a massive 261-page document with dense legal language. In this article you will find a list of official GDPR resources as well as some 3rd party interpretations and summaries to help understand this important new regulation. You can also read up on how Tableau is approaching GDPR compliance on the Tableau blog and in Tableau’s legal documentation.
Overview of GDPR & official resources
“The European Commission's 2018 reform of EU data protection rules”
Source: The European Commission (European Union) A good first step is going right to the source. This is the European Commission’s official page for the GDPR and its implications. Here, you will find detailed documents about the rules for business, the rights of citizens, and further GDPR resources answering some frequently asked questions and what it all means.
GDPR Portal
Source: EU GDPR The EU GDPR Portal is an educational resource that helps contextualize the new regulation. Of particular note is the section regarding key changes and how this latest regulation differs from the previous Data Protection Direction of 1995. The GDPR is an iteration on the previous protection and intended to safeguard user rights and user data. If you want all the technical details and legal language, the site also lists historical revisions of what eventually became GDPR. You can see everything from the draft and final texts from the initial proposal in January 2012, to the amended and council texts in March 2014 and June 2015, to the final version in December 2015. It even has a comparison chart to compare the various versions so you can learn how the conversation changed.
GDPR Overview
Source: Wikipedia The GDPR Wikipedia article is incredibly helpful for summarizing and pointing out some of the most important highlights of the regulation in a single page. This covers technical details, the goals of the regulation, the historical timeline, the scope and requirements, the restrictions, and relevant discussions and challenges. There are also loads of citations and references to further reading for anyone looking for more information. If you’re looking for something accessible and handy
The EU’s Data Protection Law hub
Source: The European Commission (European Union) This is an official guide to the policies, information, and services within the EU by the European Commission. The GDPR law page details information about data protection in the EU, including rights and legislation, and how those rules have been reformed with GDPR. It also covers rules for data transfers outside the EU for personal data, as well as binding corporate rules for multinational companies.
Resources on why GDPR happened
“How did we get here? An overview of important regulatory events leading up to the GDPR”
Source: EU GDPR Portal Once again, the EU GDPR site has a great section on the events leading up to the GDPR and why it was needed. Both the GDPR and the Data Protection Direction of 1995 were based on the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data from 1980. The timeline shows the journey from the original attempts at protecting data to regulating privacy.
“Your inbox is being flooded with emails about privacy. Here's why”
Source: CNN Tech One of the first clues that something had changed for consumers out of the loop with EU regulations was May 2018’s deluge of sudden privacy policy updates from nearly every major company that had their contact information. CNN Tech goes into the logistics of changing data policies for consumers and how it can even affect users outside the EU.
“What is GDPR? Everything you need to know before the 2018 deadline”
Source: IT Pro While the deadline has clearly passed, IT Pro delves into why GDPR needed to be drafted when there were prior directives in place. Its main focus is on how the GDPR will still apply to the UK in the time before Brexit goes through. This is an interesting look at the legal and privacy implications of Brexit for an EU regulation.
“General Data Protection Regulation (GDPR) – What, Why, Where & When”
Source: Independent.ie If all you’re looking for is a quick rundown, this is a great primer on the pertinent information regarding the GDPR — what it is, why it’s happening, where it will happen, and when. It’s similar to the Wikipedia article in presenting the base facts, but in a simple and easy-to-read format for consumers who just want to understand what’s happening but don’t need the gritty details.
How GDPR will affect consumers
How Europe’s new privacy rule is reshaping the internet
Source: The Verge Whether you live in the EU or not, you’re bound to be affected by the new regulations. All businesses are doing their best to conform to these practices to accommodate any consumers, no matter where they’re based. US-based companies are simply revising the privacy rules for all their visitors, which is trickling down to affect US users as well. The Verge goes into detail about how the updates will spread and how new data collection regulations will affect advertising’s ubiquity on the internet.
“Europe's New Privacy Law Will Change the Web, and More”
Source: Wired This article describes the shift in the power balance for consumers and advertisers as well as what the upcoming years of this dynamic might look like. With the GDPR, users will have more control over their own data than ever before. Even though it is just entering implementation and enforcement, the practices will have wide-reaching effects. Many companies are complying globally in order to keep things simple, even if users are outside the EU. Not only does this affect social media and e-commerce behemoths, but also any companies that track users for product recommendations. If consumers choose to wield their new protections more aggressively, which Wired identifies as a trend, the advertising and brand landscape could change dramatically.
Staying GDPR compliant and what it means for businesses
Getting ready for the GDPR
Source: UK Information Commissioner’s Office This is the UK Information Commissioner’s Office’s official resource for businesses looking to conform to the new regulations. It includes a guide to help businesses be compliant, checklists to stay on the right track, blog posts to dispel common myths surrounding GDPR, frequently asked questions, advice for small businesses to comply with GDPR, specific steps to take to prepare, and resources for reporting a data breach should it ever happen.
How Facebook is responding to Europe's new GDPR privacy rules
Source: CNET The GDPR is coincidentally coming at a time where data breach scandals often snag top headlines in the news. One of the most scandalous breaches in recent years involves misused Facebook user data that was inappropriately obtained by a political analytics firm. With the GDPR, it’s more important than ever to know how companies are going to handle user data, especially one as large and prolific as Facebook.
“Europe’s General Data Protection Regulation is coming May 25. How have news publishers prepared?”
Source: Nieman Lab News publishers may not collect as much data as the likes of Facebook and Google, but all web companies are affected by the GDPR. Nieman Lab goes into detail about the hurdles in becoming compliant and the legal ramifications if publishers fail. In the immediate wake of GDPR, several publishers shuttered their EU web presences or offered “light” versions of their websites in order to comply.