The General Data Protection Regulation (GDPR) goes into effect in the EU on Friday, but it affects any global company that has anything to do with data processing or storing information of any sort.

This has been in the works for several years; it was first announced in April 2016 and was intended to put some teeth into the Data Protection Act of 1998.

GDPR is tough and the punishment for non-compliance is draconian. For example, a breach of record-keeping obligations incurs a fine of 10 million euros or 2 percent of global income, whichever is more. Infringing people's data rights or any sort of unlawful transfers of data out of the EU results in a fine of 20 million euros or 4 percent of global income, whichever is higher.

Under the GDPR, individuals may sue for any violation of their rights. You have more control over your own data than you could ever imagine. Supposedly nobody can do anything with your personal data (including identification number, location data, online identifiers, genetic data, and biometric data) without your explicit consent, and you can withdraw consent at any time. This is kind of an extension of the EU "right to be forgotten" idea. It should be fun to see how this works.

I must assume this means no fine print or trickery. These rules throw a wrench into all the fancy marketing schemes out there unless somewhere along the line you are suckered into giving blanket consent saying anything goes. This may be illegal, too.

As an aside, it will be interesting to see how your rights can be worked out within the various blockchain schemes that seemingly are impossible to edit or expunge randomly within the chain. It seems like it would be a nightmare.

Because of the ridiculous requirements and onerous fines for non-compliance or violations, I suspect the worst will happen: fake reports and never reporting a breach ever.

Since there is no GDPR police, companies can claim to be in compliance and merely lie to anyone asking too many questions. If you wonder why your Amazon purchase now shows up in an ad on some other website, it will just be a coincidence.

Companies must report data breaches within 72 hours, not wait months and months. How about never reporting it? Of course, whistleblowers can negate this. And this leads me to some potential script dialogue for a movie about all this.

Jenkins: (storming into the office) Boss, boss!

Boss: What is it, Jenkins? What has you so bothered?

Jenkins: We discovered a data breach from a week ago and we are in violation of the GDPR reporting requirements?

Boss: What? How did this happen? How bad is it?

Jenkins: It's bad.

Boss: Who else knows about this?

Jenkins: Only Bill Olsen and Jim Thresher, so far.

Boss: Kill them!

The law requires that companies have a data protection officer. This will result in the hiring of a lot of amateurs and hangers-on who will take this role and know pretty much nothing about anything.

This lack of knowledge will be quickly fixed with an inordinate number of seminars and newly formed organizations that will pick up the slack and bring everyone up to snuff by creating best practices. Once these are established and implemented, everyone can fall back on them as an excuse when anything goes wrong. In other words, if you do everything according to them, any failure is not your fault.

The way I see it, GDPR is going to make a mess sooner rather than later. I also suspect that Google, Amazon, and Facebook are primary targets so the EU can soak them with big fines.

In the meantime, keep an eye on your data. On Friday it is all yours.