Set to come into force starting May 25, the regulation has taken shape across member states of the European Union "to harmonise data privacy laws". You certainly don't need to worry about us ever sending you anything through the post!
They've good reason to be anxious.
We run a lot of competitions on UKC - around 2 or 3 a week sometimes. The Equifax hack last year was particularly bad because the information leaked could be used to open credit cards. Another lawful reason to email is what is known as "legitimate interest." Although this comes down to a subjective judgement in the end, if a company is emailing me to pitch a product or service, and it has reason to believe that it is relevant to me, then it can use the "legitimate interest" reason to email me. And for fans of gamification, why not try a GDPR quiz?
Mr Schrems, head of a new privacy lobby group noyb (None of Your Business), accused Facebook of "blackmail" for giving users only two options: accept the new rules - and hand over more data than needed to operate the service - or deactivate their account.
The company should explain to you the nature of the personal data breach and who to contact.
Biographical data such as your name, address, phone number, social security number, and so on.
They need to have a plan for notifying authorities and users if there's a hack, and they need to make sure they're verifying the ages of their users - children's data is a big part of this, too. The right is not absolute and only applies in certain circumstances. A company can't just sign you up without explicitly asking.
Why you're suddenly getting lots of emails from sites you haven't visited in years
Most online services previously tended to enable all of their data gathering checkboxes by default, because that's how they could get the most users to "agree" to that collection.
Failure to report data breaches will also now carry substantial financial penalties of up to €20 million or four per cent of annual turnover, whichever is greater.
The right to erasure: You can remove all of the data a company has stored on you. Companies have one month to comply.
You have a right to see all the data a company holds on you. For example, if the data is no longer needed or they are withdrawing their consent for it to be used.
A spokesman for the Irish Data Protection Commission noted that Mr Schrems's complaints were made to other European Union data protection authorities earlier on Friday and that they would be forwarded to the Irish regulator should they come under the GDPR's "one-stop shop mechanism" that brings matters relating to Facebook and Google to the Irish authority given that their European Union headquarters are based in Dublin.
One key provision of GDPR, the right to data portability, is causing particular confusion. Most other companies who have said the same thing have also been similarly vague on timing. "It might seem like a smart move, but in some cases, it's more work", said Larry Ponemon, founder of the privacy research firm Ponemon Institute.
Rights related to automated decision making including profiling: The GDPR puts into place safeguards so that individuals can object to or get an explanation about automated decisions that affect them and their data.