GDPR – Privacy Implications for U.S. Companies Serving EU Customers


If you’ve ever visited a website that greets you with a message like “We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. Read more…”, you might wonder what this is all about. It’s actually the result of an EU law called GDPR, the General Data Protection Regulation. This law gives every EU citizen control over their own data and privacy.

Perhaps you noticed a flood of emails from companies notifying you of an updated privacy policy – this, too, is a GDPR requirement. Privacy rights for EU customers are extensive and complex, and for good reason. Perhaps we could learn some valuable lessons from the EU about privacy and be inspired to demand similar laws in the US. Just today, headline news carried a story about the Weather Channel app misleading users by tracking them everywhere they go and profiting from their location data.

GDPR became effective in May 2018, but it has its roots in earlier European policies. The Data Protection Directive, enacted in 1995, and even earlier the Fair Information Practices, began the process of defining how consumer information may be used. This is very different from the US approach, where privacy regulation is sector-specific (healthcare, finance and federal communications). GDPR applies by law to all individuals within the European Union (EU) and the European Economic Area (EEA).

In response to GDPR, Microsoft has created a privacy dashboard that lets customers manage their personal information. Although not all companies give all users the same rights as EU users, most are becoming more transparent with their privacy settings. It is still up to the user, however, to wade through the privacy legalese and configure those settings to protect their privacy. That also means being aware of the risk of leaving location data turned on.

Why businesses in the US need to know about and comply with GDPR

Because GDPR significantly impacts many websites in the US, it is important to understand what it is and what it requires. Otherwise, you will lose access to 500 million people in the EU who want to visit your site and buy from you. Being familiar with the law also provides valuable insights about questions you could and should be asking when it comes to your own data and privacy.

Maybe you’re not particularly worried about customers from the EU but here’s the thing. If someone from the EU is searching for services in your local area in preparation for their visit, do you really want to lose out on that customer’s business?

How to be GDPR compliant

If you are a business serving EU customers, you are required to:

  • Disclose what kind of data you are collecting about your users, including children where applicable.
  • Disclose how personal information is collected and stored.
  • Get consent before collecting personal data including name, email and IP address via cookies.
  • Stop processing or delete data when requested to do so by the user.
  • Report any data breaches within 72 hours to a European agency.
  • Notify users directly in the event of a high-risk data breach.

GDPR also recommends pseudonymization of personal data to enhance user privacy by enabling more secure processing of the data. Pseudonymizing a record means detaching certain identifying fields from the personal data record and replacing those sensitive fields with pseudonyms, while the information needed to reverse the substitution is kept separately. This is done to reduce the likelihood that the natural person could be identified from analysis of the data.
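As an added illustration of the pseudonymization idea above (example code written for this page, not a tool or library the post refers to), the following Python script replaces the direct identifiers in a customer record with keyed pseudonyms and keeps the re-identification table apart from the processed data. The record layout, the field names treated as identifiers and the sample records are all constructed assumptions; the pseudonyms are derived with HMAC-SHA256 so that someone holding only the pseudonymized rows cannot rebuild the mapping by hashing guessed names or email addresses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a simple customer record. The page gives no schema, so these
# three fields are the ones this example treats as direct identifiers.
DIRECT_IDENTIFIERS = ("name", "email", "ip_address")

# Constructed sample data (RFC 5737 documentation addresses, example.com names).
SAMPLE_RECORDS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com",
     "ip_address": "192.0.2.10", "country": "DE", "order_total": 42.50},
    {"id": 2, "name": "Bob Example", "email": "bob@example.com",
     "ip_address": "192.0.2.11", "country": "FR", "order_total": 17.00},
    # Same person as record 1, email typed with different capitalisation.
    {"id": 3, "name": "Alice Example", "email": "Alice@Example.com",
     "ip_address": "192.0.2.10", "country": "DE", "order_total": 8.25},
]


def make_pseudonym(key: bytes, field: str, value: str) -> str:
    """Derive a deterministic pseudonym for one field value with a keyed HMAC.

    The key, not the hash function, is what protects the mapping: without it
    the pseudonym cannot be recomputed from a guessed value. The field name
    is mixed in so that the same string used in two fields yields two
    different pseudonyms. Values are normalised so trivial case differences
    still map to the same pseudonym, which keeps analytics linkable.
    """
    msg = f"{field}:{value.strip().lower()}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{field[:2]}_{digest[:16]}"


class Pseudonymizer:
    """Swaps direct identifiers for pseudonyms and holds the lookup table
    (pseudonym -> original value) separately from the pseudonymized rows."""

    def __init__(self, key: Optional[bytes] = None):
        # A fresh random key per deployment; in practice it would live in a
        # secrets store, never next to the pseudonymized dataset.
        self.key = key if key is not None else secrets.token_bytes(32)
        self.lookup: dict = {}

    def pseudonymize(self, record: dict) -> dict:
        out = dict(record)
        for field in DIRECT_IDENTIFIERS:
            if out.get(field) is not None:
                original = str(out[field])
                p = make_pseudonym(self.key, field, original)
                self.lookup.setdefault(p, original)  # keep first-seen spelling
                out[field] = p
        return out

    def reidentify(self, record: dict) -> dict:
        """Reverse the substitution; only possible with access to the table."""
        out = dict(record)
        for field in DIRECT_IDENTIFIERS:
            if out.get(field) in self.lookup:
                out[field] = self.lookup[out[field]]
        return out

    def erase(self, identifiers: dict) -> int:
        """Honour a deletion request by dropping the lookup entries, after
        which the pseudonymized rows can no longer be tied to the person.
        Returns how many table entries were removed."""
        removed = 0
        for field in DIRECT_IDENTIFIERS:
            if identifiers.get(field) is not None:
                p = make_pseudonym(self.key, field, str(identifiers[field]))
                if self.lookup.pop(p, None) is not None:
                    removed += 1
        return removed


if __name__ == "__main__":
    ps = Pseudonymizer()
    rows = [ps.pseudonymize(r) for r in SAMPLE_RECORDS]
    for r in rows:
        print("pseudonymized:", r)
    print("re-identified :", ps.reidentify(rows[0]))
    ps.erase(SAMPLE_RECORDS[0])
    print("after erasure :", ps.reidentify(rows[0]))
```

Two properties are worth checking when you run it: records 1 and 3 receive the same pseudonyms, so the analysis of order totals per customer still works, and after `erase` the same rows no longer resolve to a person because the only link back was the separately held table.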

If all of this sounds complicated, well, it is. Fortunately, there are tools that can automate much of the GDPR compliance process for the vast majority of companies.
