The General Data Protection Regulation (GDPR) is a new European data protection law which replaces the existing EU data protection regime under Directive 95/46/EC. The GDPR sets out provisions intended to harmonize data protection laws throughout the EU by applying a single data protection law that is binding throughout all member states. The GDPR became effective on 25 May 2018.
The GDPR only applies to 23andMe customers based in an EU member state who purchased 23andMe Services marketed and sold in that EU member state. While the GDPR only applies in the EU, we're taking the opportunity to make improvements for all 23andMe customers globally.
Here’s more information on what we’ve been working on at 23andMe:
Greater Transparency. Much of the GDPR requirements focus on increasing transparency around a company’s data processing activities and ensuring data is processed and handled in a secure way. In order to ensure our customers understand what data we process, how we process it, and for what purposes we process data we updated our Privacy Statement. We updated and expanded our “Privacy Highlights” section, added additional information about our practices, and made our Privacy Statement easier to understand.
Security. Another key focus of the GDPR is ensuring data is processed in a secure manner. We have evaluated all of our processing activities to ensure we are appropriately mitigating risks to personal information by implementing technical and organizational security measures. Activities that process sensitive information, such as Genetic Information, may be innately riskier and therefore require greater security. Read more about 23andMe Security practices.
New Tools and Functionality. We added new tools and functionality to your Account Settings page to further empower you to be in control over your information. More 23andMe data than ever before is downloadable within your account.
Access and Download: All customers now have the ability to download Profile Data related to their use of the Service in addition to the information generated from the processing of their DNA (raw genetic data*, DNA Relatives Data, Ancestry Composition raw data, etc.).
Delete: We’ve also streamlined and automated our account deletion process. You can delete your account and data at anytime, directly within your account settings. Read more about account deletion.
This data has undergone a general quality review however only a subset of markers have been individually validated for accuracy. The data from 23andMe’s Browse Raw Data feature is suitable only for informational use and not for medical, diagnostic or other use. Consult with a healthcare professional before making any major lifestyle changes.