Does GDPR Apply to US Companies?

In May of 2018, the European Union enacted one of the world’s strictest sets of rules for personal data protection. The formal name of this legislation is the General Data Protection Regulation, but it is more commonly known as the GDPR.

The GDPR regulates personal data, which is defined as any information that can identify an individual, called a “data subject.” Affected companies must comply with data subjects’ wishes on how their personal data is processed, as well as keep records of how this processing occurs.

This article answers the question, when and how does the GDPR apply to US companies and US citizens? It covers the act’s core requirements and the specifics of GDPR enforcement that every US-based company should know.

The scope for personal data under this definition is significantly broader than most US compliance standards, which tend to only protect data that can be used to commit fraud. In addition to names and government ID numbers, the GDPR also protects information that can connect back to a person’s “physical, physiological, genetic, mental, economic, cultural or social identity.”
