What is GDPR? We'll tell you ... ASMR style.

GDPR goes into effect May 25, 2018. Are you prepared?

gdpr asmr privacy policy eu general data protection regulation autonomous sensory meridian response what is gdpr

If your business has a website, then you’ve probably heard of GDPR and have thought to yourself, “What is GDPR?” Our very own Katie Gross is here to tell you about what GDPR is using Autonomous Sensory Meridian Response  –  also known as ASMR  –  in this video, “ASMR GDPR.” 



GDPR stands for General Data Protection Regulation. The overall concept is that personal data belongs to the data subject (or person), not the companies collecting it. This new regulation was put in place by the European Union to protect its citizens’ data. We constantly hear more and more about how companies use our data, but on a basic level we often don’t understand what’s being used and how. The EU is trying to change that for its citizens by giving digital users more control over their data. 

What You Should Know About GDPR

  1. Changes go into effect May 25, 2018.
  2. Any U.S. businesses targeting an EU country or processing the personal data of EU citizens must comply with the changes.
  3. GDPR regulations limit the age of consent to have data processed at 16 years old, with a hard stop at 13 years old.
  4. Personal data includes but is not limited to: name, metadata, location data, gender, religion and online identifiers like your IP address.
  5. Encrypting personal data is a good idea; data must be protected.
  6. Individuals who consent to have their data processed have the following rights:
    • Right to access data held about them free of charge within 30 days of request
    • Right to request rectification of inaccurate data
    • Right to restrict processing: storing but not using data
    • Right to data portability: moving or copying data from one source to another
    • Right to have data deleted
    • Right to withdraw consent at any time
  7. If there is a data breach, the supervisory authority - and in some cases the individuals - must be notified within 72 hours.
  8. For any forms directed to EU citizens, consent must be “freely given, specific, informed and unambiguous.”
  9. If a purchase is made or a service is signed up for, the business must get permission for each data type that’s retained – be it email promotions or third-party affiliates – all with their own checkboxes.

So make sure you thoroughly review email consent forms, company privacy policies, forum forms, contact forms, Google Adwords data collection, and e-commerce data processing and collection. 

In general, these changes – though they may seem to only apply to EU citizens now – will seemingly have a larger effect on the U.S. and other parts of the world as they investigate privacy policies and securities going forward.

We hope you enjoyed our ASMR about GDPR, and that it adds some zen to your day.

Sarah Smith Barnum

Ready to see what Gray Loon can do for your business?

Contact Us Today