GDPR: Everything you need to know about the new data privacy rules

What is GDPR? The new rules explained

By now, you’ll almost certainly have received stacks and stacks of emails about GDPR. Tempting as it may be to ignore them, you really shouldn’t.

That’s because the new piece of data protection regulation is set to radically change how companies are allowed to use your data.

At the moment, admittedly, it’s hard not to feel like it’s doing little more than creating mountains of spam emails, as companies desperately try to comply with the new rules. However, in the long run, GDPR should ensure that companies are much more careful about how they treat your personal data.

The rules have been tightened, and they’ve also been harmonised across the whole of Europe, so that business and law enforcement are clearer about where they stand.

Here’s everything you need to know about GDPR.

What is GDPR? The basics

GDPR, or General Data Protection Regulation, is a new piece of regulation that replaces the 1995 data protection rules we’re currently using. It came into effect on May 25, 2018.

It’s a radical rewrite of the 90s legislation that takes into account the complexities of the modern internet, where we now share far more information than anyone would have suspected 20 years ago.

It’s also consistent across the whole of Europe, which should make it easier for companies to stick to the rules and give law enforcement more resources to hold them to account when they don’t. It’s also set to apply in the UK even after Brexit.

Here’s a selection of new rules that companies now have to abide by:

  • Companies have to notify the data protection regulator of data breaches within 72 hours of finding out about them
  • Any company with more than 250 employees needs to document its data collection processes
  • Companies that process a lot of personal information need to appoint a data protection officer
  • You have to opt-in to give a company permission to collect and process your data
  • You can request access to the data a company holds about you, free of charge

Any company that fails to abide by these regulations can face fines up to a massive €20 million, or 4% of its global annual turnover (whichever is higher).

What is GDPR? Privacy Notices

So there’s a lot of complexity in GDPR, but that doesn’t change the fact that most people are only really aware of the regulation because of the deluge of emails they’re receiving from any company that holds their email address on its records.

According to The Guardian, companies are currently split on their attitude towards these emails. Some think they just have to notify you that the rules are changing, while others have taken a stricter interpretation and think they need to obtain consent from their users in order to keep in touch.

Either way, you’re probably safe to ignore these emails. After all, you can always re-subscribe to anything later down the line.

What is GDPR? Advice from the experts

If you’re feeling a little overwhelmed by the sheer volume of information that’s being pumped into your inbox, we’re afraid there are no shortcuts. There’s a lot of reading to get through, but it’s important to take a look through it all.

Here are a few nuggets of advice from experts:

“The good news is that GDPR requirements require privacy notices to be understandable and accessible. This means that you, as the data subject, will be provided a clear understanding of privacy information in clear and plain language. Of course this does demand you read the information,” said Raj Samani, McAfee’s chief scientist.

“We as a society have demanded transparency about what happens to information about us, and we are now being provided this insight in a language we can all understand. It is important to use this opportunity.”

“Information is today’s most valuable currency so make sure you are paying particular attention to what you are agreeing to share. You wouldn’t just hand out your banking account information, so similarly you shouldn’t give away your privacy rights,” said Nick Shaw, Norton’s EMEA vice president and general manager.

“Applications and platforms ask you to agree to terms that are best for them and not necessarily for you. Take a moment to understand what you are signing up for and make sure your permission choices are right for you.”

“The timing of these emails represents a great opportunity to conduct some much-needed digital housekeeping. People should treat this period as an ideal chance to clean up their inboxes and close unnecessary accounts,” added Mark Nicholls, Redscan’s director of cybersecurity.

This isn’t the last we’ll be hearing about GDPR. As you might have guessed, there’s a lot of confusion amongst companies as to how strictly the law will be interpreted, and it’s going to take a while for the courts to work out exactly what compliance with the regulation requires.

Have you received any particularly interesting GDPR privacy notices? Get in touch with us @TrustedReviews.
