How a New European Law May Affect US Businesses

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. In general, the law may require affected businesses to overhaul their online privacy, data breach, and data collection and retention policies and practices. Noncompliance can involve hefty fines and penalties. The GDPR has generated a lot of talk among businesses with a physical presence in the European Union (EU), which are clearly subject to the law, but much less information has been generated about how it may affect US-based businesses that have an online presence. Many US businesses that are generally aware of the GDPR may believe that they are unaffected by its requirements simply because they do not make any international sales. However, if a US business is collecting personal data from EU citizens or marketing to EU citizens, then it will fall within the scope of the GDPR and must comply. US-based businesses such as e-commerce, logistics, software services and travel companies, as well as companies with a strong online presence, should take the time to familiarize themselves with the scope and requirements of the GDPR. While a lot of questions about the GDPR remain, companies that think they may be subject to these sweeping new requirements should seek out information about what they may need to do to comply.