Some big changes are coming to online privacy, especially when it comes to companies like Google and Facebook.  The European Union’s General Data Protection Regulation (GDPR) establishes a new set of rules designed to give people more control over their data.

Think about how much of “you” is online.  Things like who you associate with, which songs you like, who your friends are.  While that may seem rather mundane, the list also includes your name, address, credit card numbers, the purchases you’ve made, what you paid for your house, your driving record – the list is endless.  The amount of data that Google, Facebook, and advertisers have collected to target you is almost mind-blowing.

One of the best ways to protect yourself and your data online is by using a virtual private network (VPN). The best VPN for Mac or Windows will help keep your data private when you connect to the web, using an encrypted tunnel that makes you virtually invisible to other online users. This is especially important if you are connecting via public Wi-Fi.

GDPR Rules

The new GDPR rules go into effect in May 2018.  The biggest change is the right of individuals in the EU to request that their data be deleted.  Any business that handles personal data about European citizens will have to comply, with significant fines for breaking the rules or failing to follow them in a timely manner.  Fines can be as high as 4% of global revenues.

Failing to adequately protect against data breaches, failing to disclose breaches promptly, and allowing unauthorized disclosure of personal data can also result in fines and penalties.

It’s not just affecting the big online companies.  The Financial Times reports that financial services and companies that do business online, including medium-sized firms, will spend an average of $550,00 to ensure compliance by May.  For Fortune 500 companies, The Financial Times estimates they will spend a combined 7.8 billion dollars to comply.

It’s becoming tougher for companies that do business internationally. This year China enacted cyber security laws, which require any data relating to Chinese citizens to be stored on Chinese servers.  Russia has a similar law.

Here’s just some of what’s covered in the GDPR:

  1. Companies must maintain silos to prevent data from being used for any purpose other than the one for which it was gathered.
  2. Citizens will be able to ask whether (and what) data has been gathered, and companies must provide it to individuals.
  3. The “Right to be forgotten” means data must be deleted upon demand once it is no longer needed.
  4. Strict data protection rules to make data secure and prevent breaches.

If you want to get an idea of what data’s being kept about you, you can download a copy of your Facebook data by going to the General tab under Facebook settings.

“We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the location of a photo or the date a file was created. We also collect information about how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities.” – Facebook Terms of Service

You can check out just a sampling of the data Google keeps on you by going here and logging into a Google or Gmail account.

Here’s what Google says it collects.

There are no such rules or regulations in the U.S.  As marketers continue to gather data, and marry things like online advertising tracking, credit card purchases, and location data from your smartphone, privacy continues to take a hit.

Here are some of the previous articles I’ve written about online privacy (or lack thereof) in case you can’t fall asleep and want something to help: