Basically, It’s a new law that protects residents of the EU, people living there, including Americans. Europeans who live in the U.S. are not protected. all companies that have an Internet presence , including large American companies like Google, Microsoft and Facebook , have to comply. Personal data and the rights over that data are the subject. What is posted on social media, electronic medical records and mailing address, the IP address (a string of numbers that’s unique to the smartphone or laptop), as well as GPS location, all are personal data.
People have to give permission for a company to collect their data and not any company can just sign someone up without explicitly asking. Europeans have a right to have their data deleted if they don’t want a company to keep it. Companies have to delete the data without undue delay, or face a penalty. How the new law hurst businesses that rely on data collection is discussed right now. One opinion sustains small companies won’t be able to afford the millions of dollars in expenses that come with managing and protecting data. Generally accepted however is that GDPR may improve the quality of the Internet.