The General Data Protection Regulation (GDPR) came into full effect on May 25, 2018. The legislation affects both companies in the EU and organizations that process or track, in any way, EU/EEA residents’ data. The current version of the regulation (the official pdf file) can be found here.

The law is aimed at securing EU citizens’ personal data in a standardized way. It enforces companies - small businesses and enterprises alike - to comply with a comprehensive set of protection rules. It obligates them (every firm working with EU personal data, irrespective of its location) to audit regularly their data processing system and report, promptly, every failure and data breach. DigitDyno supports completely the EU parliament's decision to strengthen data security. We have always been committed to protecting client's records, we consider this new regulation a force for good, and we will go out of our way to comply fully with every aspect of this landmark piece of legislation.
It puts an obligation on companies to be introspective and review carefully each procedure they have in place that concerns clients’ data. CEOs must reassess the way information is being collected and unveil to the public how each piece of data flows through their organization.

Transparency lies at the heart of GDPR and so does a user’s authority.

Companies can no longer assume consent when, for example, they want to send an email to a potential client. They can only use personal addresses (and other sensitive data) after explicitly being permissioned to do so: a user must actively opt-in to receive notifications and website disclaimers, no matter how detailed, will not suffice.

Besides, EU residents have a right to have their personal information deleted permanently from all company's databases.