*There’s a lot out there on the specifics (I like Buzzfeed); below is a simple overview.
Simply put – the General Data Protection Regulation (AKA GDPR) is a new set of guidelines (beginning today, May 25th) putting higher security on the customer data that companies collect and store. The focus is on EU citizens, but companies don’t have to be based in the EU to be accountable: it applies if they have customers or other people in their database who are based there, hence most large companies we are associated with will be reacting.
This is a big deal because of the crazy number of big-company hacks and data breaches we’ve seen in the last few years. GDPR requires companies to openly and understandably share how data is processed and protected (and offer an easy “opt-out”), as well as to immediately notify the appropriate governing entities and the public that their data has been hacked, and to take measures to prevent data abuse (hence all the email you’re getting).
For just a bit on the specifics – companies that collect & store personal data must be built with data protection standards – “pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately” – per Wikipedia.
I thought this was a good overview: