Top 5: Things you should know about GDPR

The European Union's General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Companies have been preparing for it for awhile but if you're still in the dark, it's not too late to get up to speed.

Here are five things to know about the EU's GDPR:

1. It's about data privacy

The GDPR attempts to give EU citizens more control over what data companies collect, store, and use.

2. It probably applies to your business

GDPR applies to every citizen of the EU and any business entity that transacts with them. Sell a t-shirt to a Frenchman? You need to deal with the GDPR.

3. It's pretty much any kind of data

Anything related to a person that can be used directly, or indirectly, to identify them is now regulated.

SEE: GDPR consent request forms: Sample text (Tech Pro Research)

4. You have to get explicit permission to process personal data and your request must be in clear language

You can't use long legal documents or hide things in a privacy policy. And it has to be as easy to withdraw consent as it was to give it.

5. Penalties are big

If an enterprise violates the practices of the GDPR, it can be fined up to 4% of the company's global turnover or 20 million Euros, whichever is greater.

Those are the big things but there are loads of other considerations like the right to be forgotten, data portability, and more. Hopefully these help get you wrap your head around the issue.

When you're ready for more, TechRepublic has a comprehensive guide to the topic: EU General Data Protection Regulation (GDPR): A cheat sheet.

Also see:

• GDPR compliance tips and tools for business leaders (TechRepublic)
• As GDPR looms, 60% of global enterprises still don't properly tag sensitive data (TechRepublic)
• 61% of professionals worried about GDPR impact on recruiting and hiring (TechRepublic)
• GDPR: These are the organisations which are least prepared (ZDNet)
• What is GDPR? Everything you need to know about the new general data protection regulations (ZDNet)