What US-based companies need to know about GDPR
The EU General Data Protection Regulation [GDPR] is designed to strengthen and unify the protection of personal data of EU data subjects i.e., EU citizens, residents and even, perhaps visitors.
For this purpose, the regulation is extraterritorial in scope. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy. Hence, if you have a company established in the USA and are offering goods/services (paid or for free) or you are monitoring the behaviour of individuals in the EU you must ensure GDPR compliance.
What this means in practice is that if you collect and/or process any personal data of individuals in the EU, you must adhere to GDPR strict rules and principles. Personal data are any information which are related to an identified or identifiable natural person. For example, email address, telephone number, IP address and similar.
Failure to comply with GDPR may result in hefty fines up to 20 million euros or 4% of the global turnover of the preceding financial year – whichever greater. GDPR violation can affect your reputation and result in your partners and customers deciding to terminate their business relationship with you.
You may be wondering how the European Union will enforce a law in territory it does not control. The fact is, foreign governments help other countries enforce their laws through mutual assistance treaties and other mechanisms all the time. GDPR Article 50 addresses this question directly.
Moreover, if your customer base includes EU data subjects, and you do not have an establishment in the EU, you are obliged to appoint an EU Representative under Article 27 of the GDPR. The EU Representative will serve as the point of contact between you, the Supervisory Authority and data subjects. It will also respond to any queries the Supervisory Authority or data subjects have, make records available to the Supervisory Authority and maintain records of your businesses data processing activities.
Now that the UK has left the EU the situation becomes slightly more complicated and most companies outside of the UK will now need a UK Representative also. So, if you have customers, employees, or suppliers in either the UK or the EU you will need a Representative to act as your agent in each territory.
You should choose carefully and ensure that your Representative has GDPR knowledge and experience and is able to respond to requests from your EU and UK customers quickly and effectively.
This is where we can help you! With clients from United Kingdom, European Union countries, USA and Australia, our compliance team of experts provides services that will ensure you are GDPR compliant.
If you need an EU/UK representative you can easily set your account in less than 5 minutes. We provide full support on the due-diligence process.
Additional services that we offer are Data Protection Officer (DPO), consultancy, providing full GDPR set of documents, GDPR training e.t.c .
You can approach us anytime on [email protected]. We stand at your disposal.
If you need more info please take a look at our website.