As of 25 May 2018, the General Data Protection Regulation (GDPR) will apply in the EU. It replaces the previous data protection Directive 1995/46. The GDPR is a horizontal privacy legislation that applies across sector. It has a very broad scope and applies extraterritorially to U.S. companies regardless of their sector and regardless of whether they have physical presence in Europe - as long as they collect, transfer and/or process European personal data. Relevant aspects for businesses could be in relation with the product/service itself (because its operation requires the use of data defined as personal data under EU law) and/or in relation with clients/business partners’ personal data management (e.g. HR data of European employees, clients’ information etc.).
Fines in case of non-compliance can reach up to 4% of the annual worldwide revenue or 20 million euros – whichever is higher. Even if the GDPR is applicable only as of 25 May 2018, we urge companies of all sizes and sectors to start the compliance process as soon as possible with assistance of legal counsel.
Data Privacy RESOURCES for US Business
Background: https://www.export.gov/europe/theeuropeanmarket/eg_eur_120910.asp#P58_4347 Commercial Service GDPR Introductory Report: https://www.export.gov/article?id=EU-NEW-DATA-PRIVACY-LEGISLATION-GDPR GDPR & EU-US Privacy Shield Recorded Webinar, 5/22/18: https://emenuapps.ita.doc.gov/ePublic/event/editWebReg.do?SmartCode=8QER The Commission’s EU legislative framework http://ec.europa.eu/justice/data-protection/reform/index_en.htm
The GDPR also requires compliance for international personal data transfers. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Commercial Service introductory report on international personal data transfers from the EU to the U.S.: https://www.export.gov/article?id=European-Union-Transferring-Personal-Data-From-the-EU-to-the-US
More information on Privacy Shield: https://www.privacyshield.gov/welcome
For general inquiries about EU data privacy legislation, please send an email to: office.brusselsec@trade.gov.
Notice to Visitors!
The link you have chosen will take you to a non-U.S. Government website.
If the page does not appear in 5 seconds, please click this: outside web site
Export.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.
BuyUSA.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.