GDPR stands for General Data Protection Regulation. It is a set of laws enacted by the European Union that come into effect on May 25th, 2018. From a certain angle, data compliance law is pretty boring stuff. From another angle, it matters on almost every level. After all, in a post Cambridge Analytica world, it is all to evident that aggregate information about all of us is powerful enough to influence politics and culture at every level.
Since pretty much the beginning of the internet, people who browse on any website leave behind them what I’ll refer to as a digital trail of bread crumbs. Websites have been picking up these ‘digital crumbs’ that are the result of people using their sites since day one, and analyzing them. Since it’s beginning, Facebook figured out how to use these digital crumbs to customize almost every ad you see there. Google does the same thing.
Websites own the digital crumbs that you leave behind. This has always been the case. GDPR changes that equation and gives the legal right of ownership to the one who created the trail of digital crumbs, and takes it away from the site on which it was left. So, in a nutshell, that is what GDPR is – it is a transfer of ownership of the data that is left behind by users of the internet when they use the internet.
This transfer of ownership applies, as well, to all information users intentionally give away while viewing the internet, like email address, name, contact info, address, – anything you would include in any contact form. In fact, it also means that if you fill out a contact form for, say, a free download, that does not subscribe you to an email list. The website owner is strictly only allowed to use your email to contact you for the express written purpose for which you gave you email.
This means that all contact boxes must have a check box that remains, by default, unchecked, and links to the privacy policy of the site. But we’ll get much more into that later on in the post.