If you've noticed a surge of emails lately from businesses telling you they have updated their privacy policies and asking you to agree to receive emails from them, it's because of the new General Data Protection Regulation (GDPR), which went into effect May 25. GDPR requires businesses to protect the personal data and privacy of European Union (EU) citizens.
The E.U. wants to get away from the fast and loose Silicon Valley approach to data. No more "Collect it all, we'll figure it out later." Privacy must be in your design from the beginning. Business processes must be designed to protect citizen data and privacy rights from the start, not as an afterthought.