The General Data Protection Regulation (GDPR) is a new privacy regulation set to come into effect on May 25. Violating GDPR may be financially suicidal, even for large corporations. On the other hand, GDPR could lead to some much-needed and praise-worthy steps to restore privacy to citizens in today’s internet era. I expect GDPR to be a watershed moment in defining new privacy standards across the globe.

In today’s data-centric world, one that is marred by constant data breaches and chilling personalization online, individuals have been left wondering how their data is used and misused. GDPR can be best thought of as a legal framework to enforce common sense, effective and practical data protection for personal data.

In this article, I’ll answer some of the most common questions about GDPR and what the new regulation might mean for your business.

Will GDPR be a positive or negative thing for U.S.-based companies?

GDPR, at its core, is simply a legal framework for enforcing common sense privacy controls. Like any industry-wide regulatory change, though, it will create some winners and losers.

U.S.-based companies need to change some of their data-collecting business practices. Fortunately, there are solutions there to help with compliance. Additionally, GDPR impacts both U.S. and European companies equally, so U.S.-based companies are not at an added disadvantage.

How do you feel about U.S. companies being regulated this way in terms of data they keep or process about U.S. citizens, residents, green card holders, etc.? 

GDPR-like regulations for U.S. residents will bring new tools for enforcing the security and privacy of consumer data. While such regulations certainly protect consumers, they can also unlock new businesses by allowing new frameworks for processing user data. Runtime encryption and differential privacy are, for example, two methods of extracting meaningful insight from private data without breaching user privacy.