So what is GDPR? The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. In plain words: this new regulation governs not just the collection and storage of personal data but also its sale and exploitation for marketing. The regulation is so strict that some companies based in the United States have decided to stop trading in the European Union, at least temporarily, rather than risk falling foul of the new law.
In the ongoing uphill battle fought by the member countries of the European Union, this regulation is certainly going to reduce the power of giant internet technology companies and restore a degree of control to citizens and their elected representatives.
So how much will an internet company be penalised for being loosey-goosey about users' data? Well, if you misuse, exploit, market without consent or even handle without caution any user data, then you can be slapped with a fine of 20 million euros to 4% of the company's global turnover. Everyone under the jurisdiction of GDPR has the right to see what the internet companies have on them and can request that the information be deleted. The regulation also states that internet companies need to actively and wilfully obtain the consent of users, rather than just getting a tick next to 'I understand and agree with the terms and conditions'. In the event of a data breach, the companies need to notify the user and the concerned authority within 72 hours.