What is the General Data Protection Regulation?

The General Data Protection Regulation, also called GDPR, is a new European law that came into practice a few days ago, on 25th May 2018.

All businesses, whether or not based in the European Union, who collect data from EU citizens, must now comply with this law, which gives more rights to people concerning their data.

EU citizens now have the right to:

-          - Access their data stored by an organization
-          - Request deletion of their data
-          - Edit their data stored by an organization
-          - Restrict the processing of their data 

Also, some organisations will have to ask for their explicit consent to send information, like a newsletter for example, to EU citizens. For that reason, Retrofanattic has contacted all people who previously subscribed to our newsletter to ask them to confirm if they wanted to carry on receiving it in their mailbox. 

I have also modified the subscription form to ask new subscribers to opt-in to their chosen marketing information when they subscribe.
Marketing information includes all coupon codes and other promotions, information about customers’ loyalty cards, special mailings and coupon codes for Christmas.

Under the GDPR, pre-ticked boxes on a subscription form are now forbidden.

Under the GDPR, a data breach notification must be sent when this breach is likely to “result in a risk for the rights and freedom of individuals”. (Source) There is no obligation to send a notification if the breach is unlikely to result in such risks, or if data is encrypted when it is sent.

I have updated Retrofanattic's shop’s policy to better inform our customers and visitors about the way we keep and use their data, how and when we contact them, how long it takes us to delete data, etc.

The fact that this law applies to EU citizens only does not mean that Retrofanattic will not offer other citizens the same data protection. Retrofanattic has decided that all citizens, wherever they are based, have the same rights to access their data, request deletion of their data, etc. 
All newsletter subscribers, wherever they are based, will also have to tick the boxes corresponding to their marketing preferences, if they choose to receive information from Retrofanattic.

Was there no protection at all before the GDPR?

There was a Directive, but not a Regulation. “A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how.” (Source)

For more information about the GDPR, please visit this link:

Data protection and Brexit.

For more information about data protection and Brexit, please visit this link:

This section will be updated in the future.