In May of 2018, the European Union enacted one of the world’s strictest sets of rules for personal data protection. The formal name of this legislation is the General Data Protection Regulation, but it is more commonly known as the GDPR.
The GDPR regulates personal data, which is defined as any information that can identify an individual, called a “data subject.” Affected companies must comply with data subjects’ wishes on how their personal data is processed, as well as keep records of how this processing occurs.
This article answers the question: when and how does the GDPR apply to US companies and US citizens? It covers the act’s core requirements and the specifics of GDPR enforcement that every US-based company should know.
- GDPR at a glance
- What data does the GDPR protect?
- Does the GDPR apply to EU citizens living in the US?
- Does the GDPR apply to US citizens?
- How does GDPR affect US companies?
- Does the GDPR apply to US government agencies and other public-sector organizations?
- What are the most important GDPR requirements for US companies?
- Afterward: Tips for becoming GDPR compliant
The scope of personal data under this definition is significantly broader than that of most US compliance standards, which tend to protect only data that can be used to commit fraud. In addition to names and government ID numbers, the GDPR also protects information that can connect back to a person’s “physical, physiological, genetic, mental, economic, cultural or social identity.”