GDPR

What Your Business Needs To Know

The topic everyone’s talking about is…PRIVACY! How is consumer data being used and do they have a right to know? Here’s what every US business needs to know about the new data privacy rules, and GDPR requirements.

From the EU to the USA

GDPR is the biggest change to European data privacy law in over 20 years; it replaced the 1995 Data Protection Directive. The regulation applies to businesses that process the personal data of people located in the EU, even if the company itself is not based in the EU. This means the GDPR can apply to US websites as well.

Under Article 3(2), a US business with no EU establishment falls within scope if its processing relates to offering goods or services to people in the EU (whether or not payment is required) or to monitoring their behaviour, for example through tracking cookies or analytics that profile visitors. Merely being reachable from Europe is not enough on its own, but shipping to EU addresses, pricing in euros, offering EU-language versions of the site, or running behavioural tracking on EU visitors are the kinds of signals that bring a site into scope.

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s the core of Europe’s digital privacy legislation that protects Europeans with regards to the processing of their data, as well as laying down the rules relating to the free movement of personal data. 

Guide to the General Data Protection Regulation (GDPR)

The reforms were designed to reflect the world we live in now and to bring laws and obligations (including those around personal data, privacy, and consent) across Europe up to speed for the internet-connected age.

Almost every aspect of our lives revolves around data. From social media to banks and governments, most of the services we use involve collecting our data. Your name, address, credit card number, SSN, and more are all collected and, most importantly, stored by organizations.

Does the GDPR affect the US?

The GDPR has extra-territorial scope, which means that websites outside Europe that process the personal data of people in the EU are obligated to comply with it, provided the processing meets the Article 3(2) test: offering goods or services to those people, or monitoring their behaviour.

If you have a website in the US and you serve or track visitors and clients in the EU in that way, the GDPR applies to your site. US companies within the scope of the GDPR should assume they will have to comply with all of the Regulation's requirements, not just the cookie banner.

Note that the GDPR protects "personal data", which is broader than the US notion of PII: any information relating to an identified or identifiable person counts, including IP addresses, device identifiers, and cookie IDs. If your website processes personal data of someone in the EU, it must do so on one of the following legal grounds (Article 6(1)):

  • Consent (Art. 6(1)(a)): the person has given freely given, specific, informed and unambiguous consent
  • Contractual necessity (Art. 6(1)(b)): processing is needed to perform a contract with the person, or to take steps at their request before entering one
  • Legal obligation (Art. 6(1)(c)): processing is required to comply with a law the controller is subject to
  • Vital interests (Art. 6(1)(d)): processing is needed to protect someone's life
  • Public interest (Art. 6(1)(e)): processing is needed for a task carried out in the public interest or in the exercise of official authority
  • Legitimate interests (Art. 6(1)(f)): processing is needed for the controller's or a third party's legitimate interests, unless those are overridden by the person's rights and freedoms

GDPR for US companies and websites

For a US website to comply with the GDPR, its processing of personal data must follow the data-protection principles set out in Article 5, summarized in the checklist below. Where consent is the chosen legal ground, it must additionally meet the Article 7 conditions: it has to be freely given, specific, informed, unambiguous, as easy to withdraw as to give, and demonstrable by the controller.

GDPR compliance checklist for US companies

Your website, when engaging with visitors from inside the EU and so processing their personal data, must observe the following principles:

Lawfulness and transparency

Data processing must rest on a valid legal ground and the information collected must be used fairly. Users must not be misled about how their information is used; in practice this means a privacy notice that states who is collecting the data, why, on what legal basis, for how long, and with whom it is shared.

Purpose limitation

The purpose of processing must be specified and recorded from the start. Data collected for one purpose must not later be used for an incompatible one without a new legal basis, such as fresh consent.

Data minimization

Only data that is adequate, relevant and necessary for the stated processing purpose should be collected. A practical check: for every field in a form or every attribute in a log, be able to say which purpose it serves.

Accuracy

Reasonable steps must be taken to ensure the collected data is accurate and up to date, and inaccurate data must be corrected or erased without delay.

Storage limitation

Data shouldn't be kept in identifiable form for longer than necessary for its purpose. Define retention periods for each category of data, including backups and logs, and delete or anonymize on schedule.

Integrity and confidentiality

Appropriate technical and organisational measures must be put in place to protect personal data against unauthorised access, loss or destruction (Articles 5(1)(f) and 32). The regulation itself names pseudonymisation and encryption, the ability to restore availability after an incident, and regular testing of the measures as examples. Personal data breaches must be reported to the supervisory authority within 72 hours of becoming aware of them unless they are unlikely to pose a risk to the people affected (Article 33).

Accountability

Organizations are responsible for complying with these principles and must be able to demonstrate that compliance, for example through records of processing activities (Article 30), documented legal bases, data protection impact assessments where processing is high-risk, and contracts with the processors that handle data on their behalf.

GDPR Penalties and Fines

Fines for companies that do not comply with the GDPR can be as high as 4% of their annual global turnover or €20 million, whichever is higher (Article 83(5)). A lower tier of up to 2% or €10 million applies to infringements such as failing to keep processing records, failing to secure data, or failing to notify breaches (Article 83(4)).

The national supervisory authorities of the EU/EEA countries can impose fines and other corrective measures on companies located outside their territory. Non-EU companies within the scope of the GDPR are generally required to appoint a representative established in the EU (Article 27), which gives the authorities a point of contact for enforcement; in practice, enforcement against a company with no EU presence, assets or partners is harder, but that is not a reason to treat the obligations as optional.