GDPR: Does it Apply to Me?

If you have followed the tech headlines (or regularly read this blog) you are aware the GDPR is coming.

If not, here is a quick refresher: the General Data Protection Regulation (GDPR) creates drastic and broad-sweeping changes to data privacy for anyone who is in the EU (not just citizens, but visitors and immigrants, as well) and for any company that retains EU customer data. The purpose is to provide people with greater control over their own personal data; including the right to actively consent to every use of personal data, the right to limit that use, and the right to be forgotten. Companies have until May 25, 2018 to ensure they are in compliance with GDPR mandates.

Obviously, GDPR impacts all European companies and organizations that process personal data.

The same goes for U.S.-based multinational enterprises that do business with EU citizens. If you fall into either of those categories, we hope you are well on the way to complying with GDPR. But what about companies that have no direct business operations in Europe?  They have nothing to worry about, right?

Not true. GDPR applies to any company or organization that targets individuals residing in the EU. Said more simply: if you have a Website or market your products or services via the Internet (and who doesn’t) you need to be aware of GDPR. Here’s a handy chart that will help you determine if you are affected by GDPR:

GDPR: Does it Apply to Me?
One additional point: small businesses need to be aware of GDPR just like the big guys. Thankfully, the new rules recognize that smaller businesses lack the same legal and IT resources as larger enterprises. The compliance requirements aren’t quite as rigorous and there may be leniency for violations for companies with less than 250 employees. However, even if you are a small business, it’s much easier to work on getting compliant than figure out how to avoid GDPR all together.

To get started, read our new eBook: Getting Ready for GDPR – A Practical Guide.