Lanner-America

What GDPR Means for Non-EU Companies Doing Business With EU-Based Customers


On the 25th of May 2018, the EU will replace its Data Protection Directive and enforce much stricter controls on the handling of personal information and individual privacy. While this regulation is from the EU, it could have significant effects on those doing business with customers in the European Union.

This means that thousands or even millions of non-EU businesses could be affected by the new regulation, so those businesses should know what it is and how it affects them. In this article, we’ll briefly discuss what the GDPR means for businesses operating outside the European Union that have customers within it, and how they can bring themselves into compliance.

So, let’s jump straight in.

What is GDPR?

We’ve previously gone into detail about what GDPR is and how it affects both IoT data and video surveillance data in other articles, which you can read here and here. For the purposes of this article, however, we’ll briefly explain what GDPR is in a few bullet points.

What Does It Mean for Non-EU Companies?

Now, you may think that because the GDPR is an EU regulation, it would only apply to EU businesses operating inside the European Union. However, this is not the case. The General Data Protection Regulation has an increased territorial scope, which means that it can apply to data controllers outside of the EU as well as within. This could mean huge fines for any businesses or enterprises found to be non-compliant with the regulation while still dealing with the personal data of European-based individuals. In some cases, businesses and enterprises may even need to hire an EU representative.

The kinds of non-EU businesses and organisations that the GDPR applies to are those that are in control of and perform any kind of processing of the data of European individuals in a way that relates to either:

  1. The offering of goods or services to data subjects within the European Union (regardless of whether the goods or services are offered for free or with a price attached)
  2. The monitoring of the behavior or online habits of a data subject, so long as that monitoring takes place within the European Union.

Specifically, the GDPR expands the list of existing safeguards that are considered appropriate for a controller or processor of data that goes on to make international transfers of data. This means that businesses and enterprises looking to collect or process data from individuals within the EU will need to have all the applicable safeguards implemented in order to be compliant with the GDPR. In light of this, many companies are auditing themselves or bringing in binding in-house data protection rules that fall in line with those of the GDPR.

With only limited time left to bring themselves into compliance, both European and international businesses and enterprises that handle the personal data of individuals within the European Union are racing against the clock to meet the May 25th deadline. Significant fines and extremely undesirable reputational damage in the area of data protection are just two of the many reasons why both EU and non-EU companies will want to avoid any GDPR irregularities. With data becoming increasingly valuable to nearly every commercial and industrial process on the planet, one can only imagine that they’ll be doing everything they can to become compliant in time.
