Companies also have to inform users of a data breach within 72 hours of discovery, and the law requires companies to appoint a person to be in charge of data protection.
So, what does the advent of GDPR mean for consumers in South Africa? Contravention of GDPR laws could lead to penalties amounting to either 20 million euros or four percent of their annual turnover.
The European Union's flagship data protection laws have hit an early hitch, with several major USA news websites blocked to European users out of concern that they might fall foul of the rules.
The organization suggests that forcing users to accept data collection measures in exchange for the possibility of using the service contravenes the new rules imposed by GDPR.
It also applies to a company established outside the European Union offering goods/services - whether paid or for free - which monitors the behaviour of individuals in the EU.
The big new European data-privacy law known as the General Data Protection Regulation (GDPR) is here and it's ushered in a host of changes to the way companies treat your personal information. It also establishes their "right to know" who is processing their information and what it will be used for; and gives them the "right to be forgotten".
The right to data portability - This allows customers to transfer and use personal data across different services.
European Union regulators have always been much tougher on the tech companies than their US counterparts, for instance forcing them to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content.
"We expect all companies to fully comply with the General Data Protection Regulation as of today". And companies like Microsoft and Apple have extended GDPR benefits to all customers worldwide, making the impact truly global with new features like downloading and exporting data, or exercising a "right to be forgotten".
What do you think of the GDPR? The law applies not only to companies in Europe but all foreign companies providing services or selling products to European citizens as well. He explained they must be able to deliver data to anyone who asks for his or her personal data.
Opt Out. Look for setting or opt-out options.
Keep an eye out for website pop-ups and banner ads as well, since some companies are using those to break the news instead. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a "completion date". "While the larger technology giants are more or less equipped to comply, it is the mid-size and smaller firms that are seeking professionals to help them cope with the requirements the new laws entail", he added.