With the increase in unavoidable tech exposure, it's important to understand your data rights are being upheld. The GDPR is an updated version of its predecessor, the 1998 Data Protection Act. The GDPR implementation date is 25 May 2018, and the four key components are as follows:

·       Privacy

The overall aim of the GDPR is to protect data of EU citizens. This includes: names, email addresses, any financial details, even IP addresses. It's commonly being referred to as Privacy by Design, as businesses will need to build their data security before it's collected.

·       Data Handling

With many cases of mishandling of data in recent years by some of the biggest tech firms, the GDPR dictates that user data should only be held if absolutely necessary and once its use runs its course, it is to be destroyed or anonymised.

·       Right For Data Removal

Known as the Right to erasure, the GDPR entitles EU citizens the right to have their personal information deleted from a company's database. In addition, for the company to process users data, consent must be given, and consent withdrawal must be just as straightforward.

·       Breach Notification

The GDPR has very strict and enforceable data breach notification rules requiring company's to report a breach within 72 hours of occurrence.

Not being location specific, the GDPR protects all EU citizens regardless of the users or company's residence. Non-compliance with these new regulations can result in a fine of either €20 million or 4% of the company's annual revenue, whichever is highest. Having 2 years to prepare for regulation compliance the EU looks to heavily enforce this new act.

The GDPR is changing data protection on a global scale, whilst non-EU citizens don't directly benefit from the law, businesses in their home regions will be forced to comply with such regulations and it will, therefore, make more sense for the business to implement the same practices for all its users for efficiency's' sake. For example, Facebook has already announced that it will extend the new regulatory statutes to all over its users.

This act doesn't only affect large corporations but spans across all businesses, large or small, and inclusive of all industries, truly protecting data on every level. This new data protection act has revolutionised the way big data is considered and is the European Government's answer to the rapid technological growth in recent years.

Whilst the US hasn't chosen to adopt such a broad data protection scheme, it is rolling out more sector-specific legislation at both national and state levels.

This new era of data protection will provide end users with the reassurance that they now have more control than ever over the availability of their own data and how it is being handled. We can expect to see more countries across the globe introducing similar legislation to match the developments in the tech industry.