The Impact of GDPR on US Companies Handling EU Data

Europe’s Reach Across the Atlantic

The General Data Protection Regulation (GDPR) is a European Union law, but it has significant extraterritorial reach. If a US company offers goods or services to EU residents, or monitors their behavior, GDPR likely applies.

Key GDPR Concepts

  • Lawful Basis for Processing: You need a valid reason (like consent or contract) to process personal data.
  • Data Subject Rights: EU residents have rights to access, rectify, erase, and port their data.
  • Data Protection Officer (DPO): Some companies need to appoint a DPO.
  • High Fines: Up to 4% of global annual revenue for non-compliance.

For US Companies

If you have EU customers or website visitors, understand your GDPR obligations, update privacy policies, and ensure you can fulfill data subject requests.
