Skip to Content Skip to Navigation

With over half of the world’s population now online, almost everything we do in our day-to-day lives has gone digital. From booking a doctor’s appointment to staying in touch with friends, we’ve become so accustomed to the convenience offered by websites and apps that they have become necessities.

At the same time, consumers are growing more concerned about their online privacy and data security — two burgeoning issues that are here to stay for as long as we depend on digital services. To give you an idea of the scale of these concerns, a survey conducted by IBM just last year found that 75% of Americans won’t buy a product from a company if they don’t trust them to protect their personal data.

Data privacy has also become a top priority for lawmakers. In the midst of explosive scandals like Cambridge Analytica, the mother of all data privacy legislation came into effect in 2018: the EU General Data Protection Regulation (GDPR).

Heralded by the wave of privacy policy updates flooding people’s email inboxes last year, the GDPR is a set of requirements designed to protect the privacy and personal data of EU citizens. The new rules that businesses must adhere to include getting informed consent from users to track, collect and share personal data; writing a privacy policy and terms of service that are easy to understand; data breach notifications; and stringent data security protocols.

Non-compliant businesses could face serious penalties, as evidenced by the $57 million fine handed down to Google in January for failing to properly disclose how they collected and used user data in their advertising.

While the GDPR has pushed for higher standards of transparency and due diligence from businesses, critics say that the 261-page document can be difficult to comply with and has inadvertently created a new set of dubious practices and loopholes. As regulators struggle to keep up with the new demands, some of which are left to the discretion of individual businesses, some companies have designed their services to get forced consent from users and there are concerns about how the laws could give cybercriminals easier access to personal data.

Nevertheless, the GDPR has set a precedent for data protection around the world. As other countries are moving to refine their own laws and more businesses rebuild and align their processes with the GDPR, the era of unchecked data exploitation is just about over.

Is your privacy policy GDPR-ready?

Create a simple policy for your website or app with our GDPR privacy policy generator. Generate your privacy policy now.