There are two common reactions to the General Data Protection Regulation: blasé contempt or outright terror. It feels like data privacy – and the internet at large – is at the cusp of a whole new era. Those affected by this ruling are either worriedly getting data protection officers up to speed and receiving customer confirmation on their new data privacy policies or in deep, deep denial.

“My company is in the US,” you may say. Some of your partners or leads may still be in the EU. If your company touches the EU, even peripherally – if one lead is in the EU’s jurisdiction – you are affected.

So what does GDPR do? Why should you care?


The Layman’s Guide to GDPR

When I first started research for this post, I had a faint idea of what GDPR did. I knew it mandated data privacy laws for residents of the European Union (EU), but I did not know what “personal data” entailed beyond the obvious. I knew that Zift’s engineering and product departments had been hard at work for months to ensure our company-wide compliance. I knew our customer success team had been meeting with customers to discuss their own compliance changes, but me? From my desk in the marketing department, there were a few basic questions I wanted answered in easy terms. A lot of people affected, even this close to its enactment, are still at this level of understanding – they’re sitting at their desks thinking, “break this down.” So let’s keep this simple.
What does GDPR do?

It protects EU residents’ personal data online. This means that companies must provide protection for this data. As mentioned above, this applies both to data within EU countries and data exported outside of the EU.

What is personal data?

Personal data is any kind of data that reveals identifying details about an individual. This can include everything from basic data like names and addresses to more complex details like political leanings.  

What kind of protection is necessary?

In order to stay compliant, you must have a system in place for personal data to be purged. The GDPR offers some new roles for businesses to help, the most important of which is the data protection officer. This role defines the company’s strategy on keeping data secure and stored in a GDPR-compliant manner.

What if I don’t want to make changes to my current system?

You’re going to face steep fines – up to either 20 million euros or 4 percent of global annual turnover, whichever is higher. It’s costly and time-consuming to account for GDPR, but the EU has ensured that non-compliance is not to be done lightly.

I keep hearing about this “right to be forgotten.” What is that?

The right to be forgotten is a clause in the GDPR with huge implications. Residents of the EU have the right to have companies purge their data from their systems – the right, in other words, to be forgotten by that system.


The GDPR will change how data is processed and stored in a truly permanent way. You’re hopefully well on your way to compliance, if not already fully compliant. Do your research (maybe on Zift’s Help Center article?) and be prepared.