Photo: Dennis van der Heijden, used under CC BY 2.0 (

The General Data Protection Regulation (GDPR) seemed to cause a lot of frenzied discussion and research among many organizations – non-profit and corporate alike – when it came into effect earlier in 2018. Although GDPR is a data protection and privacy regulation developed under EU law, it has broad-reaching implications as it also regulates the export of personal data outside of EU boundaries.

Enforced on May 25, 2018, GDPR was widely welcomed by privacy and data protection advocates, though it proved to be a somewhat daunting regulation to implement due to its lengthy and complex list of requirements. It outlined in detail what personal data could and could not be collected and stored by organizations, both in the EU and beyond. As a result, you have likely been prompted to review modified privacy policies from other organizations with which you are in contact, especially leading up to the official enforcement date.

For organizations who are just establishing their online presence, there are a number of useful resources to help make sense of these policies. European Digital Rights (EDRi) is an association of civil and human rights organizations from across Europe that defends rights and freedoms in the digital environment. They have created a comprehensive website that presents GDPR in simple and accessible terms, titled A Digestible Guide to Individual’s Rights under GDPR.

Within the guide, they elaborate on the following considerations:

What are my rights under the GDPR?

  1. You have the right to information.
  2. You have the right to secure handling.
  3. You have the right to access the personal data a company/organisation holds on you, at any time.
  4. You have the right to use a service without giving away additional data.
  5. With automated decisions, you have the right to explanation and human intervention.
  6. How will these rights be enforced?
  7. Do I need to do anything?
  8. Does it mean I can “delete” myself?
  9. Can I talk to companies about their use of my data?
  10. What can I do if a company is using my personal data against my will?
  11. Why are some companies critical of the GDPR?
  12. Does the GDPR apply to the data my employer has on me?
  13. Does the GDPR apply to US companies?

To read more, you can access the EDRi guide here.

You can also read through these GDPR Frequently Asked Questions to find out more details about this regulation, its effects and its implementation.

For those who want to explore GDPR in-depth, the website of the European Commission presents the full body of information regarding this important regulation.