On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) takes effect. The GDPR, which is an attempt to unify data protection practices across the EU, will give users of digital services much tighter control over their own personal data.
Though the GDPR is an EU initiative, it has global ramifications. Any company serving users based in the EU will have to comply with the GDPR—or risk fines up to 4 percent of annual global sales, which is potentially billions of dollars for large tech companies.
Among the affected companies is CAD giant Autodesk, which has taken the new regulation in stride. In fact, the company is committed to upholding the GDPR across its global customer base, not just for EU customers. The firm, according to Autodesk’s Jeff Wright, is in full support of stricter data regulations.
“We are not a business that is about selling the personal data of our customers,” he said. “We're very supportive of GDPR and the direction it's taking the industry."
A few of the new rights given to EU citizens (and all Autodesk customers) as part of the GDPR are as follows:
- The right to be forgotten: Users can request that their personal data be expunged from a company’s servers.
- The right to be informed: Companies that suffer a data breach must inform users within 72 hours of discovering the breach.
- The right to plain language: Companies can only collect personal data with customer consent. The request for consent can no longer be buried in dense pages of legalese, but must be written in plain language.
Though Autodesk will still (with permission) collect customer data, Wright clarified the company’s policy on the matter.
“We allow users to opt out of certain Autodesk analytics programs and third-party analytics programs unless the data collection is necessary to deliver the service,” he said.“Where we do collect command usage data, it’s primarily used for product improvement and error reporting purposes.”
To learn more about Autodesk’s updated privacy policies, you can read Wright’s blog post about the GDPR here.