What’s GDPR and Why Are We Excited About It?

GDPR will come into effect this month on May 25, 2018, and will aim to protect private citizens’ personal data, regulating how organizations in the EU (and, by extension, the world) gather, utilize and protect personal information.

The last couple of years haven’t exactly been sunshine and rainbows when it comes to data privacy and security in the online world. From misuse cases–such as the political controversy regarding Cambridge Analytica’s use of data from Facebook–to outright data breaches (Uber and Equifax come to mind), more regulation around the protection of personal data has been long overdue.

Enter the General Data Protection Regulation (GDPR).

What exactly is GDPR?

GDPR is a privacy law that was passed by the European Commission in 2016 to replace and update a 23-year-old data protection law known as Directive 95/46/EC. This new regulation is binding, meaning that it has to be followed throughout the EU and by any organization that handles European data. Ever collected an email from the UK? Then this regulation affects your business, too.

With GDPR, the European Commission hopes to strengthen data protection in the European Union, giving more power to individuals to make sure their data is safe. It also aims to simplify regulation so both citizens and businesses know their options and can co-exist in the digital world.

GDPR is incredibly important because it’s very likely that it’ll become the gold standard for data protection regulation around the world.

How’s it different from the “Directive”?

Increased Territorial Scope (Yep, Canadian and US businesses too)

Probably the biggest change is that GDPR has a potentially global jurisdiction. As GDPR.org states, “it applies to all companies processing the personal data of subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process ‘in context of an establishment’.”

Penalties ($$$)

The new regulation also has bite. As the New York Times put it, companies can be fined up to 4 percent of global revenue or €20 million, whichever is greater — “equivalent to about $1.6 billion for Facebook.” It goes without saying that such sizeable penalties will result in companies taking data privacy seriously.

Hmm … with $1.6 billion you could buy an NFL team (they average about $1.17 billion each), or any private island.


Have you noticed how recently almost every website you visit has a privacy and cookies consent pop-up? Such prominently placed forms will likely become the norm.

As GDPR.org writes, “the conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.”

Why We’re Excited About it (Didn’t think someone could be excited about this huh?)

Here at ContactMonkey we’re very excited about GDPR, as it aligns with our data privacy & security values, practices and principles. Not to brag, but we took data privacy and consent forms seriously before it was cool.


We believe that GDPR is an important step towards strong data privacy as it empowers private individuals, the very human beings that we help day in and out with our tool.

We’re also fans and promoters of good email practices for internal comms or sales teams, and extra regulation is bound to make the interactions between your company and your audience more straightforward, clear and mutually beneficial.

Our mission is to help you create interactions that your readers want to undoubtedly and excitedly engage with, whether they are your own employees or external prospects.

Phew … we made it. That was a lot of info, but the point is that GDPR is nothing to be scared of and we’re here to help in any way we can.


  • GDPR will be effective starting May 25th, 2018
  • Its reach affects not only EU countries, but also anyone or any company that comes into contact with the private data of any EU citizen.
  • Penalties are quite substantial for anyone failing to comply
  • Increased regulation will result in increased care and resources allocated by organizations to ensure lawful data protection

That’s it! Please tweet at us any other GDPR concerns you may have. What’s the craziest GDPR-related story you’ve heard?