"And being more accessible and transparent with the users", he explained. The regulation expands the scope of what companies must consider personal data, and it requires them to closely track data they have stored on European Union residents. And that means they get better protection.
"To get that adequacy decision, we will have to demonstrate that we offer a level of protection of personal data equivalent to that provided by the GDPR". Instead of separate rules in separate nations across Europe, there's now a single set for the entire EU. Furthermore, an individual can ask a company to now delete their personal information from their databases at their request. One side argues that GDPR will be bad for competition, giving big businesses a leg up over small ones.
Members of the European Parliament (MEPs) see themselves as global leaders in a battle to reduce the power of giant internet technology companies and restore a degree of control to citizens and their elected representatives.
On Friday, those "forced consent" tactics were the first to come under scrutiny by European privacy advocates. Effectively that comes down to either being able to show a reasonable basis for needing to do so (for example, in order to deliver something you have ordered), or having your consent. "We will be looking at the algorithms they use to profit off data to make sure they are fair", he added.
There's also a somewhat vague category called "legitimate interests".
The updated policies are easy to understand so just give them a once over so that you are fully aware of what data SamMobile collects, what we do with it and how we protect it. SamMobile does not disclose your personal data to third parties. The organization must then stop processing the data until they can prove they have legitimate reasons to do so. Ms Denham said companies have had two years to prepare.
Austrian data privacy activist Max Schrems is quick off the mark and is already taking Facebook and Google to task under GDPR. If companies fail to comply with the rules, they can expect to be fined up to €20 million or four percent of their annual turnover - whichever is greater. That's an incentive for companies to take these rules seriously.
The right to be informed: If a company is collecting data, they need to tell data subjects what's being collected, why it's being collected, what it's being used for, how long it's going to be kept, and if it's going to be shared with third parties. Ailidh Callander of the London-based group Privacy International says many questions will be tested in courts and further rulemaking.
Some companies are extending at least some EU-style protections to all users.
Users in the United States will benefit from changes companies that operate in the European Union made to comply with the new law. "We build privacy and security into our products from the very earliest stages", Google said in the statement, "and are committed to complying with the EU GDPR".
Facebook CEO Mark Zuckerberg, for instance, promised "global settings and controls" for users during his USA congressional testimony in April, but was otherwise vague on the subject.