On May 25—just three weeks from today—the data privacy landscape will change radically. 

Three Fridays from now, the grace period for the General Data Protection Regulation (GDPR), passed in April 2016 by European Parliament, will expire, and the hope is that consumers all around the world will have more control over their personal data as a result. 

Users of platforms like Gmail and Twitter have probably noticed messages about changes to those platforms’ privacy policies. Public-facing companies now have several new considerations to take into account when dealing with personally-identifiable information (PII), and, as the 25th rapidly approaches, they’re doing some housekeeping to make sure they have their ducks in a row. 

While the list of requirements is long, the basic principle makes sense: companies that deal with PII need privacy by design. This means no plain-text passwords, intuitive (and easy) ways for users to opt-out of certain data collection, streamlined practices for requesting personal data removal, and more. The fines for non-conformity are high, so companies, including App47, are taking big steps to ensure compliance with GDPR. And of course, data protection is a good goal in itself, so we’re happy to be on board with these new regulations. 

At the end of the day, it’s about doing the right thing with people’s data. Consumers being aware of what data is being collected, and how it’s being used, is a good thing, so GDPR appears poised to be a good thing at the end of the day. 

I recently published an article that goes into depth about GDPR and App47 with respect to PII and how we use it. If you have questions about what GDPR means for you or your employees or constituents, I would encourage you to check out the full article here.

For more information about GDPR more generally, you can read the full text of the agreement here.