
Do GDPR Regulations Apply to Businesses in the U.S.?

With the growth of the EU as an economic power, businesses in the United States are working to make headway into this lucrative commercial market. However, they are rapidly learning that the IT and data-driven practices standard in the U.S. will not stand in the GDPR-regulated European Union. 

There are some basic preparations that any U.S. business must undertake even to consider getting ready for business in the EU. 

 

GDPR and Territorial Scope

Per Article 3 of the GDPR, the regulation applies to any company collecting information from a data subject who resides in the European Union, regardless of the organization’s location.

The law defines two different types of organizations to which these rules apply:

Both parties fall under the jurisdiction of GDPR rules when collecting and processing consumer data in the EU. A controller, however, may not process user data itself; it may only make decisions regarding that processing. As such, controllers and processors have slightly different responsibilities under GDPR. Not least among these is the controller’s assumption of accountability for third-party processors.

Furthermore, it’s quite common for a business to be both a controller and a processor. In such cases, the organization must adhere to the strict requirements of both categories.

 

GDPR and Data Collection Requirements

Generally speaking, however, if the organization or the data subject is within the EU, and/or the processing or collection of the data happens within the EU, then it is understood that the activity falls under GDPR.

This creates a few scenarios, depending on where that organization is:

 

How Can Companies in the U.S. Start Preparing for GDPR?

GDPR isn’t a law that snuck up on the business world. Many large enterprises have adjusted or at least begun the process, although that hasn’t been without its hiccups. However, these large enterprises are quick to learn, considering the steep costs of non-compliance.

With Europrivacy looking to be a significant step towards a global GDPR assessment standard, there really isn’t a reason for even small businesses operating partially in the EU not to begin looking down the road on their compliance journey.

Whether you’re a large or small business, there are a few critical steps you need to take to start preparing for GDPR:

 

Align Your Business with GDPR and Europrivacy with Lazarus Alliance

We’re peering into the future of regulations and compliance, and everywhere we see the GDPR as a major requirement for many large businesses. It’s simply not feasible to ignore what’s happening in the EU or how it impacts basic business practices like exchanging cookies or email information with EU citizens. 

If you’re seeing the writing on the wall and aligning your IT and business with GDPR and Europrivacy, then we can help. We have extensive experience with GDPR compliance as well as some of the most rigorous standards and regulations from around the world. 
