Since it includes “any information” one must assume that the term “personal data” should be as broadly interpreted as possible. This can mean:
Yes. Whether you have signed up for newsletters via social media or online shopping websites, the GDPR is likely to impact us all.
You have the power to hold companies accountable as never before. If individuals begin to take advantage of GDPR in large numbers, whether by withholding consent for certain uses of data, requesting access to their personal information from data brokers, or deleting their information from sites altogether, it could have a seismic effect on the data industry.
GDPR replaces today's legislation regarding privacy in member countries currently subject to the EU. The GDPR sets a new standard for data collection, storage, and usage among all companies that operate in Europe. It will change how companies handle your privacy and will give people new rights to access and control their own data on the internet.
It gives you the right to ask companies how your personal data is collected and stored, how it's being used, and you can request that your personal data be deleted. You can also object to personal data being used for certain purposes like direct marketing. If you buy a pair of shoes through an online retailer and start seeing ads for similar shoes, you should be able to ask the retailer to stop using your personal data for direct marketing purposes. Under the GDPR, those and other rights are guaranteed.
You have the power to hold companies accountable as never before
It remains to be seen how much the rest of the world will benefit from the GDPR rules, but there are likely some rights that companies couldn’t apply to just Europeans even if they tried.
For example, companies will now have to notify a European agency if they had a personal data breach within 72 hours of a breach. If the breach exposes users to high risk, the company also needs to notify users directly. Those kinds of rules could have spillover benefits to people outside of Europe, and could similarly influence how companies conduct business regardless of the country.
If you live in Europe, a good first step would be to familiarize yourself with the European Commission's list of rights provided under the GDPR:
You can find step-by-step guides for things like:
You can also learn how to file a complaint if your personal data has been leaked and what to do about personal data collected about children. One thing you can do right away: start asking companies for the personal data they've collected about you.
Realistically, most privacy policies will still not be human-readable and will be hiding the needles in a haystack of legalese. But the policies could point to new privacy toggles or ways to prevent companies from processing and sharing your personal data. Those might be worth exploring, if only by quickly searching for key terms.
The rules will always be bent, if not broken, by companies seeking to gain a competitive advantage. But the newly introduced principle of demonstrable accountability and the unprecedented scale of penalties made available to the regulators should constitute a greater deterrent against breach and a shift from the current, relatively toothless and largely ignored, regime.
It's one area where we might see some meaningful gains for users seeking to take charge of their digital lives - even though in the aggregate, there’s relatively little they can do.