You’ve probably been inundated with privacy policy updates, requests to re-subscribe to newsletters, and new cookie popups as you browse the web. Business and website owners have been scrambling to comply with the new EU General Data Protection Regulations (GDPR).

The GDPR covers anything that may be used to identify you: your name, email address, IP address, hardware/software configuration, etc. Even things like business cards and medical or student records are covered.

Every organisation and website owner must comply, even if they are based outside of the EU. The fines for non-compliance are massive, so some websites have simply blocked anyone visiting with an IP address inside the EU.

But why is the GDPR necessary?

Tracking scripts have been used by advertising agencies and large corporations to build a detailed profile about you. These companies can identify you, even if they don’t know your actual name or address. Your profile is then used to target you with advertisements, and is sold on to organisations around the world.  The biggest example to date was the Facebook and Cambridge Analytica scandal – they used and traded your data without your permission.

The GDPR helps protect your privacy by requiring all website owners and organisations to explain what data about you they collect, and what they do with it. More importantly, they need to get your consent before they collect any data.

The GDPR protects your privacy as an individual

• You are allowed to access any data that any organisation or website has stored about you, that can be used to identify you.
• You are allowed to modify that data at any time.
• You can request that your data is deleted.
• You can also forbid that company or website to use (process) your data in any way.
• Companies and websites must get your consent before they store and use your data.

But many websites aren’t complying!