The General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679 as it’s known in officially, is a regulation spearheaded by the EU legislature: the European Parliament, European Commission, and Council of the European Union. It replaced the Data Protection Directive (Directive 95/46/EC) when it came into force on May 25, 2018. The goal of the GDPR is to return control of personal data to EU citizens and make the regulatory environment simpler for international business.

EU origin with US implications

Regardless of where an organization is based (in the EU or otherwise), its website must meet regulatory obligations when processing EU/EEA citizens’ data or the business will face financial penalties. Asking for consent when processing users’ personal data is one of the most important duties imposed on website owners by the GDPR.

Always get the users consent

In the current regulatory environment, you should always be getting user consent. Depending upon your business scale and your platform you should consider using a consent management platform. Your data strategy and business goals should always be transparent to your users. This is recommended policy whether you are US or EU based. Remember - California is likely to enact similar legislation and your data strategy should be preparing for increased regulation in user privacy. The worst thing you can do as a company is to create a mismatch between your actions with data and a users expectations. Transparency makes sure that does not happen