Posted and filed under Compliance, Cybersecurity.

We’ve updated our privacy policy.

Does this sentence look familiar? If you’re an active user of the Internet, then it should. Inboxes around the globe are being inundated with updated privacy policies, a verbose consequence of the European Union’s new set of privacy protections.

The European Union’s General Data Protection Regulation (GDPR) went into effect on Friday, resulting in privacy policy changes from websites around the world. Among those quickest to oblige: HIMSS, Indeed.com, HCCA, and a plethora of other e-commerce and informational websites. GDPR was put into effect with the intention of giving European citizens more control over the data that is collected by these various online services. This initiative is a big win for the population’s privacy and peace of mind, but it will prove challenging for U.S. organizations that handle international data. Read the full GDPR text here.

The sudden influx of policy update emails is an example of how these U.S.-based companies are trying to remain in compliance with these global privacy standards. Reading through these updated policies is strongly encouraged, as it will give you an idea of how data privacy is handled across the globe. The GDPR says that companies must explicitly request consumer consent prior to collecting personal data, operate transparently, and delete any data that consumers ask to have disposed of.

Most companies that operate under GDPR are expected to elect a data protection officer and to improve their data breach reaction and announcement times. GDPR companies will now have just 72 hours to inform the public of any discovered breaches. Failure to comply with this new set of policies could result in a fine of up to 4% of a company’s annual global revenue, or about $23 million (whichever sum is higher).