On 25th May 2018, a new law will be implemented to protect the data and privacy of European citizens worldwide, the General Data Protection Regulation.

The increase of data breaches reported showed that there is a clear need for greater data protection in the increasingly interconnected world. The changes are important because they ‘Accountability’ on the organisations that request, take, hold and use data about you. So if a company is found to be negligent in its management (or mis-management) of data protection, then someone will be actually be held accountable.

The key element of this new law is that companies must have consent from their users, before taking and using their data.

The GDPR allows the regulators of EU countries to fine businesses that do not comply with it – and that could be far harsher than any current data protection fines. Companies and organisations that are guilty of breaching the regulations could be charged up to €20m ($30m) or 4% of the company global turnover.

The reason that so much news coverage has been made of this, is because GDPR covers the rights of European citizens’ data wherever it is processed – including by companies based in countries outside of Europe.

This has a very real impact on companies like Facebook, WhatsApp, Instagram (all of which are actually owned by Facebook), Twitter, Apple & Google. Global internet and tech companies that run services that hold your personal data.