What is GDPR and Does it Apply to Your US Business?

By Steve Pogue

On May 25th, 2018, the European Union (E.U.) takes a significant step toward further protecting individuals' data and privacy when the General Data Protection Regulation (GDPR) becomes enforceable. With the compliance deadline looming, many organizations across the world are left with questions about how the regulation might affect their operations and what they need to do in order to prepare.

What is the GDPR?

The GDPR is a piece of legislation designed to harmonize and enforce privacy and data protection rules across the E.U., tighten the rules for transferring personal data outside the E.U., and increase individuals' control over their personal data.

What does the GDPR do?

Among the changes and updates included in the GDPR, one of the most impactful is its territorial expansion beyond E.U. businesses to include any entity that collects, stores, processes, or exchanges the personal data of individuals located in the E.U., regardless of where that entity is based. This territorial expansion is why so many organizations across the world are revisiting their privacy policies and auditing the ways in which they store or use the personal data of people in the E.U.

Is my US business subject to the GDPR?

This is what everyone wants to know, and while I'd like to give you a simple 'yes' or 'no' rubric, it's more complicated than that. If you're uncertain whether your business will be affected by the GDPR, please consult a professional; this guide is for informational purposes only.

In contrast to the previous directive, which was largely limited to organizations established within the E.U., the GDPR applies to organizations both inside and outside the E.U. that:

To give you a sense of some of the ways the GDPR can affect U.S. businesses, here are a couple of illustrations:

A college or university targeting prospective students in the E.U. for their international programs:

Yes, they would be subject to the GDPR.

An advertising agency has clients in the E.U. and uses a project management solution in which it stores identifiable information about those clients:

Yes, the agency would need to make sure that its tools, including that project management solution, are compliant with the GDPR.

Penalties for Non-Compliance

The GDPR establishes two tiers of administrative fines for non-compliance. Depending on the infraction, fines in the lower tier can reach up to €10 million or 2% of worldwide annual revenue for the prior financial year, whichever is higher. Fines in the upper tier can reach up to €20 million or 4% of worldwide annual revenue for the prior financial year, whichever is higher.

You can read more about GDPR penalties here.

What is Workzone doing to comply with GDPR?

Workzone is participating in the EU-U.S. Privacy Shield framework, which governs transfers of E.U. personal data to U.S. companies, as part of ensuring our product meets GDPR requirements. Workzone's product and legal teams are working to bring the product into compliance with the GDPR, and as the deadline approaches, Workzone will communicate updates to our customers.

Where else can I learn about GDPR?

There’s a lot being written across the internet about GDPR, and for good reason! Here are a few really helpful resources: