While all European Union (EU) businesses should now be fully compliant with the General Data Protection Regulation (GDPR), B2B firms based in the United States are still wondering what GDPR means for them. Do they need to comply? If so, to what degree?
We have helped many of our B2B clients over the past few months comply with the GDPR at various levels, depending on their involvement with the EU. In this article, we will provide a summary of GDPR and give you several options to consider to help your US-based firm move towards GDPR compliance, based on its involvement with the EU. While only EU citizens are currently protected under the GDPR, we anticipate similar regulations might make their way to the U.S. in the future.
By now you probably know that the GDPR is legislation approved by the EU to create greater and more uniform data privacy protection for all EU citizens. The goals of the GDPR are to give EU citizens insight into the data collected about them and put the control into the hands of users, rather than companies.
Here are three main areas of focus for the GDPR:
There is a lot of gray area with this regulation, but we’ve seen clients fall into three general areas, based on EU involvement. The levels are based on several different parameters:
Ultimately, our team is not equipped to provide guidance from a legal or compliance standpoint, so it is imperative that you speak with your legal team and assess your firm's needs when it comes to the GDPR and how to adapt to the new regulations. With that disclaimer, we hope this article can provide you with some basic guidance in determining which level your firm falls into and to what degree you need to comply with the GDPR.