GDPR is coming

US Companies: The GDPR Is Coming!

Wondering how the GDPR might affect US-Based companies? You are not alone.

 

The GDPR will apply to US-based companies that offer goods or services to EU data subjects and/or monitor the behavior of EU data subjects. Even if a company in the US is not actively marketing to EU data subjects, the GDPR will most likely apply in a scenario in which an EU data subject can visit the company’s website and purchase a product or service.

The GDPR, for example, does not say that it applies only if a company is conducting active marketing campaigns into the EU, just that the company is offering products and services to individuals residing in the EU.

There are other factors in determining whether the company is offering goods or services to EU data subjects. We have seen that the regulators may consider whether the website has been translated into the local language or the currency has been converted to reflect that of the member state. It is important to note that if your company is monitoring the behavior of data subjects, the GDPR applies. Also, cookies can be used to monitor the behavior of someone visiting a company website, and they often collect personal data like the visitor’s IP address.

Companies based in the US must ensure they understand whether the GDPR applies. If it does not, they should specifically document the analysis outlining why that is the case. If the GDPR does apply to your company based on the above scenarios, we recommend that your company begin preparing now for the May 25, 2018, effective date by performing data mapping, building data inventories, determining data subject right applicability and exceptions, and ensuring that protection of the personal data it collects is in line with the new EU legislation.

We understand compliance with these requirements can be difficult to manage. Please feel free to contact us for more information on the GDPR requirements and how to comply, or any other privacy, security or compliance matters.