We can start by rejecting the unhelpful acronym. We can speak instead about data protection or – if precision is essential – the European Union’s General Data Protection Regulation.
However, “GDPR” appears constantly in headlines and seminar titles. Those writing about the regulations tend to use its exact wording for fear of misinterpreting. And since even experts who have to apply the regulation can scarcely interpret what it is going to mean in practice, we all nervously bide our time by calculating how long until implementation (as I write: 62 days, 17 hours, 20 minutes, 15 seconds).
In general, the purpose of the regulation is to ensure the transparent and reliable processing of personal data. Only necessary information should be collected, and it should be restricted to the specific purpose. Approval is required for the collection of personal data, and everyone should have access to his own data. The regulation also stresses that “information shall be provided in a clear, easily understandable and accessible form, and in clear and plain language”.
You may wonder where such clear and simple language can be found. I can tell you I haven’t yet found it in documents and contracts about the GDPR.