Here is a summary of the new law:
There is an increased territorial scope – GDPR rules apply to all companies that process personal data of people residing in the EU, regardless of the company’s location.
We must give you more detailed information when you are collecting their personal data. There are new regulations for gaining consent to collect personal data. Both consent and explicit consent now require clear affirmative action.
We must delete data that we are not using for its original purpose.
Individuals can revoke their consent to data processing at any time, and it must be easy for them to do so.
If companies do not comply with the GDPR, they could face fines of up to 4% of total global annual turnover for the preceding financial year.