The General Data Protection Regulation (GDPR) is a regulation passed by the European Union in 2016, setting new rules for how companies manage and share personal data. GDPR is only applied to EU citizens’ data, but since Parcl is an international platform and we have many users from the EU registered here, Parcl is affected by this regulation as well.
Much of the GDPR builds on rules set by earlier EU privacy measures, but it expands on those measures in two ways:
It sets the highest bar for obtaining personal information we’ve ever seen on the Internet (for example, any time a company collects personal data on an EU citizen, it will need explicit and informed consent from that person);
The GDPR’s penalties are severe enough to get the entire industry’s attention (maximum fines per violation are set at 4 percent of a company’s global turnover (or $20 million, whichever is larger)).
The new rules go into effect on May 25, 2018. We have already prepared for this new regulation by rewriting Parcl’s Privacy and Cookies Policy and by adding specific features that will help users understand what data is collected, why we need it and how it will be used and stored. What is even more important, any European resident can request a copy of all data the company has on them as a way to verify their consent.