Do You Need to Prepare for the European Union’s General Data Protection Regulation (GDPR)?
Companies in the European Union (EU) have been preparing for the General Data Protection Regulation (GDPR) for a couple of years. As the U.S. media covers GDPR more frequently, many firms are beginning to take notice and ask whether they will be impacted.
Who Needs to Prepare for GDPR?
Generally, GDPR applies to businesses that handle personal data on individuals in the EU. A company could be required to comply with GDPR standards even if it is not physically located in the EU and does not transact business in Europe. Basically, any business that has customers, offers goods or services and/or monitors the behavior (profiles) of people in the EU must be GDPR compliant as of May 25, 2018. Depending on the infraction, companies can be fined up to €20 million (approximately $22.9 million) or 4% of global revenue for the previous year. This includes companies based in the U.S. that meet certain criteria.
GDPR broadens the rights individuals have under the current EU Data Protection Directive (DPD). Introduced in 1995, DPD was adopted by the EU to alleviate the need for businesses to adapt to standards imposed by individual countries. American-based companies that did not have to comply with DPD may have to comply with GDPR. This includes professional service providers.
About Elieen Monesson