In an article for Marketing Dive, Qubit’s Jack Carvel looks at the cross-border implications of the GDPR for US companies.
Legislation, and cross-border regulation, has often trailed behind practice when it comes to technology, specifically the use and abuse of data. Data has come to prominence recently, with high profile litigation like the current US Supreme Court case “United States v. Microsoft Corp”, and the Cambridge Analytica - Facebook scandal, squarely in the public eye.
Against this backdrop is the General Data Protection Regulation (GDPR), which seeks to apply enhanced data protection standards with impacts beyond EU borders.
How EU law can impact US businesses
The GDPR will be relevant for US businesses with internet presences in the EU (regardless of whether they sell directly into the EU or not) and those which accept EU currencies and/or have EU web domains. Even more than that, it will apply if businesses have EU site visitors, and personalize their websites.
And because the penalties the GDPR can impose are serious, complying with the GDPR is serious business.
Complying with the GDPR
For organizations familiar with EU data protection law, the GDPR is not a revolution, it is more of an evolution. For organizations which aren’t, there are some foundations to get to grip with. These include the GDPR’s definition of “personal data” (not the same as PII), the data protection principles, legal bases for processing data and the rights of data subjects. We explored a lot of these foundations in our December webinar.
For more about complying with GDPR, check out the article on Marketing Dive and keep an eye out for more blogs and content as the May 25 deadline approaches.