One of the biggest questions surrounding the impending GDPR deadline is who actually needs to be compliant with the regulation. The new rules focus directly on EU citizens’ rights regarding personal data collected and processed by businesses, but companies that reside outside the borders of the EU, particularly those in the UK, may not be sure of whether or not GDPR compliance applies to them.
Surprise: It probably does.
Why Do You Need to Comply?
The reason companies in the US, UK, and other countries outside the EU may need to comply with the GDPR is actually rather simple. Plainly stated within the regulation is that any business that offers goods and services to, or monitors, an EU citizen is bound by the rules outlined within it. This means that a US-based company that does business with someone in France needs to ensure it’s compliant.
What may be less obvious is how the regulatory body will apply the sanctions and legal action that go along with noncompliance should a company fail to follow the rules.
What Else Should You Know?
There is one more key factor for GDPR compliance that applies directly to businesses located outside of the EU that’s critical. For any business that doesn’t have a presence in the EU but interacts with EU citizens in a way that demands compliance, they need to appoint a representative that physically resides in the EU. This plays an important role in both visibility and communication for the regulation, and provides a way for individuals to exercise their rights under the GDPR for access, changing, challenging, or having their data forgotten, as well as objecting to direct marketing.
When it comes to GDPR compliance it’s better to be safe than sorry. Many in the fintech and data privacy fields believe that regulatory bodies will look to set a harsh example early on for organizations that don’t meet the May 2018 compliance deadline. If you do any business within the EU or UK, it will be critical to prepare for the GDPR and make the necessary changes to how you collect, process, and store data, and how you communicate that information with customers.