A Fact Sheet
Will the European Union’s (EU) General Data Protection Regulation (GDPR) impact US businesses?
You bet it will. Here are seven facts about the 28-member EU's attempt to strengthen data security, which includes 72-hour breach reporting, stronger consumer consent, and high fines:
- On May 25, 2018, any company that gathers data on EU citizens needs to comply with the GDPR.
- A PwC survey suggested that 92 percent of US companies consider GDPR a top data protection priority.
- If you collect personal data or behavioral information from someone who is in an EU country at the time the data is collected, your company is subject to the requirements of the GDPR.
- At first glance this sounds like it might not apply to US businesses. However, any US company that has a web presence and markets products all over the web may need to comply.
- A financial transaction does not need to occur. If your business collects personal data or personally identifiable information (PII), that data needs to be protected under GDPR guidelines.
- Generic marketing does not count; only targeted marketing does.
- The EU is serious about a uniform data and privacy law for its market. This rule has already changed the web practices of major US companies.
You Need To Know About GDPR
In general, if your enterprise is a US-based hospitality, travel, software services, or e-commerce company, you will need to scrutinize the online marketing practices you use. US businesses targeting European markets especially need to become fluent in GDPR regulations.
Since this is a new development, the application and interpretation of GDPR for US businesses will evolve.
Also, there is a lot of information about GDPR on the internet. The two sources used for the above information are:
Make sure you review GDPR and know about any impact on your business. The fines levied for non-compliance are significant.