The General Data Protection Regulation (GDPR) will have an impact on how organisations handle the personal information that they look after.
GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
GDPR will have a role in four main areas:
1. Easier Access
Users will have easier access to their own data. Individuals will be better informed as to how their information is processed and stored and organisations will need to inform users in the clearest way possible.
Users should easily transfer their own information between service providers.
3. Right to be forgotten
Users that no longer want you to control or store their personal information you have processed should be able to easily have their data removed from your system unless there are legitimate grounds for keeping it.
4. Data breaches
Users should know that their information has been lost/stole or otherwise compromised. If your systems have been breached the users affected should be informed as soon as possible.
The implementation of the four points will depend on how you currently store and access user information. You will also need to be clear what you are using that information for.