How Does GDPR Affect American Companies?

So, what is GDPR? If I don’t have a British accent I don’t have to worry about it, right? WRONG! GDPR is short for the General Data Protection Regulation that went into effect in the European Union on May 25th of this year. Even if you live on this side of the pond you could be affected by its rules. According to the European Commission, the EU data protection rules apply to the European Economic Area (EEA), which includes all EU countries and the non-EU countries of Iceland, Liechtenstein and Norway. When personal data is transferred outside the European Economic Area, special safeguards are foreseen to ensure that the protection travels with the data.

What exactly does “special safeguards are foreseen to ensure that the protection travels with the data” mean? Essentially, businesses that target the EU, such as by offering goods or services to EU citizens or monitoring the behaviors of EU citizens, even if the business itself is not based in the EU or affected areas — will be subject to the GDPR. The following rules apply:

  • Privacy policies need to be clear, understandable and easily accessible so that individuals can definitely understand how and why their data is being processed.
  • Consent must be given freely. In cases of sensitive personal data, it must also be “explicit”.
  • Companies must appoint an internal Data Protection Officer (DPO).
  • Individuals’ rights have been extended to explicitly include the right to be forgotten, the right to switch personal data between service providers (known as data portability), and the right to know if their data has been hacked.
  • In the event of a personal data breach, data controllers must notify the appropriate supervisory authority no later than 72 hours after having become aware of it.
  • An individual’s request for information must be provided within one month. Only for a good reason can this one-month deadline be exceeded. As a rule, the information is to be provided free. If further copies are requested, a reasonable administrative charge can be applied.

Depending on the nature of the offense, fines can reach $24 million, or four percent of worldwide yearly revenue of the previous financial year, whichever amount is higher. For more information on GDPR go to

Denise Maceyko Hartman is a Marketing Strategist for JP Enterprises Unlimited and enjoys spending time with her family and friends.
