New European Union Law Affects U.S. Businesses and Nonprofits
The European Union’s new General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. This new directive is far-reaching and imposes steep penalties for non-compliance. Moreover, it’s scope extends to any entity gathering personal data (defined broadly) from EU citizens, regardless of the entity’s location. This means that U.S. companies are required to comply. If your company, for any reason, gathers personally identifying information from EU citizens within the EU, you must implement policies which comply with the GDPR.
What is the GDPR?
In a nut-shell, the GDPR is intended to create more accountability on the part of companies who gather citizens’ personal data, providing a safe-guard (read: penalties) for data-breaches. The GDPR also increases transparency. For example, the GDPR requires that legal notices no longer to be fine-print legalese. Rather, the notices must be clear and accessible to the common man – no more sweeping consent via box-checking! Click here for more information on the scope and purpose of this new regulation.
What does it mean for businesses/nonprofits in the U.S.?
If your business/nonprofit for any reason obtains any personally identifying information from EU citizens residing in the EU, you must be GDPR compliant in order to avoid penalty.
What about Brexit?
Brexit is not yet finalized, and as such, if your company gathers data from citizens of the UK you must still comply with the GDPR. Even post-Brexit, the UK is working on its own similar legislation. Thus, in the abundance of caution, it is best to prepare ahead of time for what will likely be similar requirements.
Compliance
If your company in any way, for any reason, obtains data from citizens within the EU and/or UK, it is highly recommended that you contact us to help your company prepare for the May 25, 2018 implementation of this regulation. We are working on FAQ to help our clients comply with this new broad GDPR so stay tuned if you are a client who needs help. Please contact us immediately. In depth explanation and analysis of the new regulation can be found online at www.eugdpr.org. Please make sure that your company is in compliance.
Disclaimer: This memorandum is provided for general information purposes only and is not a substitute for legal advice particular to your situation. No recipients of this memo should act or refrain from acting solely on the basis of this memorandum without seeking professional legal counsel. Simms Showers LLP expressly disclaims all liability relating to actions taken or not taken based solely on the content of this memorandum. Please contact Justin Coleman at jrc@simmsshowerslaw.com for legal advice that will meet your specific needs.