May 25, 2018 marks the start of a sweeping new round of personal privacy protection regulations for European Union natural persons.  The General Data Protection Regulation (GDPR) applies to businesses both in and outside of the EU starting today.

The major thrust of the new regulations is to empower an individual to say how an entity can use, store, collect, keep and/or transfer any information that can identify that individual. This information is defined very broadly and includes things like name, address, email address, financial information, contact information, identification numbers, any IP address, geolocation information, browsing history, cookies, any other digital identifiers, and/or the individual's physical, mental, social, economic or cultural identities.

If a company has any dealings with EU natural persons, either through direct services or through something as simple as a website request for information, it should be adapting its privacy policies to conform with the GDPR.

An individual in the EU must give their explicit consent for a company to use, store, collect, keep and/or transfer their information.  Implied consent is no longer the accepted standard.

Contact us if you have questions and/or check with your legal advisor.

 

Michael Shoffner

Chief Compliance & Security Officer