The European Union (EU) General Data Protection Regulation (GDPR) will take effect on May 25, 2018. GDPR is the most significant change to European data privacy in over 20 years. Whether or not you are in the European Union, failure to comply may result in fines up to 4 percent of annual revenue or more.
Are U.S. Businesses Required to Comply?
Any U.S. company that collects personally identifiable information or financial data through its website from someone physically located in one of the 28 EU member states is subject to the requirements of GDPR. Although this is not an exclusive list, it is especially important to review compliance requirements if you are a hospitality, travel, software services or eCommerce company.
GDPR applies if you:
Note: If EU consumers are outside the EU when the data is collected, the GDPR does not apply.
What is Personally Identifiable Information?
Personally identifiable information is any data that can be used to identify a specific individual. This includes name, Social Security number, physical or email address and phone number. Technology has expanded the scope to include login IDs, social media posts, digital images and any identifiable behavioral data collected using analytics or personalization platforms.
What You Need to Do
This is not a comprehensive list, but completing the following actions is a start and may even be sufficient for most U.S.-based companies – for now at least.
To be successful online and stand above the competition you need the right web partner. Smart Solutions is 100% dedicated to your success.