United States tech firms, and virtually all companies with online operations, will need to comply with the rules if their sites are used in the European Union, or face hefty financial penalties.
So, what does the advent of GDPR mean for consumers in South Africa?
The group is asking regulators in France, Belgium, Germany and Austria to fine the companies up to the maximum four per cent of their annual revenue that the GDPR legislation allows.
According to Schrems, the companies are violating GDPR laws by forcing their users to consent to share their personal data and that they have gone as far as blocking accounts of users who declined to consent.
GDPR protects the privacy not only of European Union citizens worldwide but also of anyone who is party to a transaction while in the EU.
Google, Facebook, Instagram and WhatsApp have been hit with privacy complaints within hours of GDPR taking effect Friday - complaints that could carry fines of up to $9.3 billion in total. It also establishes their "right to know" who is processing their information and what it will be used for; and gives them the "right to be forgotten".
So how much will be an internet company be penalised for being loosey goosey about the users data? Although this only applies to users in Europe, this law affects American companies that can be viewed in those countries. So it's possible some companies will never be able to fully comply. "A company is expected to provide the same level of protection to relevant personal data that are covered by the GDPR, irrespective of where that data resides or where it gets transferred". You can already request your data from Facebook, Google, Apple, Instagram and Microsoft.
The new rules strike at a core of businesses that offer free content online but that make money by collecting and sharing user data to sell targeted advertising.
Through its new rules and standards, the GDPR encourages organizations to rethink existing data management policies and invest in state-of-the-art security for data protection.
Opt Out. Look for setting or opt-out options.
In order to be compliant, a business must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies to avoid severe legal, financial and reputational consequences, Gupta suggested.
Amy Webb, a fellow at Harvard's Nieman Foundation and founder of the Future Today Institute, warned the new law could lead to a "splinternet" with different kinds of data available in various regions of the world, and could be particularly cumbersome for news organizations. You may be tempted to mass delete them all at once, but if you have enough time it's worth reading through the updates to find out what's changing.