More than likely, in the last few months, several of your most frequented social media platforms and websites have popped up with this notorious message upon visiting the site: “We have made new updates to our privacy policy due to regulations from the GDPR…”

This is no surprise; the world has been in a very public, ceaseless debate concerning the intricate issue of digital data security, and with the implementation of the EU’s GDPR, much of what we know about our digital data is about to change. Design the Planet is here to clarify some of the murk that surrounds the GDPR for everyday consumers, and to break down what this means for your data protection on the interwebs. (We do not provide legal advice or guidance, so consult your legal advisor before taking any action on this topic.)

In January 2012, the European Commission began to work on finding solutions for data protection reform across the EU. After years of debate and agreement-reaching, in December 2015, the General Data Protection Regulation (GDPR) was born. At its core, the GDPR is meant to regulate just who is receiving the expansive tide of personal information that most of us house in our smartphones. With the recent Cambridge Analytica scandal that compromised the information of over 50 million Facebook users, the GDPR could not come at a more powerful time. While it may cause a legal headache for many business owners worldwide, the GDPR is a policy made for the people – and it is meant to counteract the massive recent data breaches with higher security measures for the public.

While the changes coming to the US are longer down the road, the GDPR does affect American business owners in a large way. If your company has no ties at all to anything European, you are most likely in the clear. But, if your company collects data or does business with any EU citizens, the GDPR laws now fully apply to you. As far as data collection goes, generic marketing still flies, at this point. Things change when you’re directly targeting those citizens over the water – aka if you’re collecting data from a website in Italy with marketing and web-content material written in Italian, containing “references to EU users and customers” (Forbes), then you are now subject to the laws of the GDPR.

The good news for consumers is that it is now a requirement to be notified when your information has been hacked, or unlawfully distributed due to a breach in security or protocols. Given the number of consumers today who have had their personal information disclosed/sold without knowing that it’s happened, this is a big deal. Companies who fail to comply with this law can be fined up to 10 million euros, or 2-4% of their global turnover, whichever is greater. The new GDPR laws require a 72-hour legal notice to be given whenever a data breach occurs. New website restrictions require unambiguous language regarding what data is actually being collected from consumers in the first place, and calls for users be given an opportunity to opt out any time. “The ability to be forgotten” is also in the works, giving users the opportunity to have their data deleted, as long as there is no legal law requiring that it be collected.

By instating the GDPR, the EU has introduced the biggest cyber-security redesign for the EU in at least two decades. While it may cause some concern for the hospitality, e-commerce, and travel sectors of global businesses, the GDPR is here, and will (hopefully!) protect the citizens of the EU, and by extension the world, from the darker, more insidious underbellies of the Internet. So now you know. Adjust your digital data strategy accordingly.

Want to learn more? Check out this informative article from the Wired.