It is tempting at best and annoying at worst for US-based businesses to ignore European privacy laws. How does GDPR even affect us? These regulations carry serious risk, and they may apply to you more than you think.
EU laws may not sound very important for US-based companies, but consider this: the US is the largest partner for EU exports and the second-largest partner for EU imports. The EU exported almost $400 billion to and imported more than $200 billion from the US in 2019 alone. That’s a lot of cookies.
What Is the GDPR?
The European GDPR (General Data Protection Regulation) came into effect in 2018. The law came onto the books in 2016, and organizations were given a two-year grace period to become compliant.
The regulation is about much more than a website telling you it uses cookies or stores your IP address. It matters because it strengthens the protection of European data subjects’ rights, and it does so by clarifying how companies that process customer data must safeguard those rights.
My Business Isn’t in Europe
GDPR legislation regulates any international company based outside the European Union that has activities within it. Organizations that store or process the personal data of EU residents (or their staff living in the EU) are subject to this regulation. That affects not only European companies, but also many US companies — even if they do not have a physical presence there. Your company only needs to be processing or retaining data collected about EU residents while they are in the EU to fall under the jurisdiction.
While it’s safe to assume that multinationals or subsidiaries established in the EU are subject to the rules regulating data transfers between countries, even small US-based businesses that do not explicitly target the EU can be affected.
Small businesses probably have a website and the chances are high that some of their website traffic comes from the EU. This means the regulation will apply to your business.
What is My GDPR Risk?
The maximum fine for a data violation under the GDPR is 20 million euro or 4% of a company’s global revenue. The US has no regulation comparable to the GDPR, but most states have laws governing data collection and the requirements around it. States like California are modeling their legislation after the GDPR.
With the global marketplace exchanging personal data via websites and apps, it is more likely than not that a similar regulation will pass in the US.
Stay Ahead of the Curve
The best business strategy is to get ahead of the curve now and avoid the rush. While GDPR may seem a chaotic headache, there are definite advantages to making online interactions more private. The obvious upside is protecting your customers’ data and respecting their privacy.