New EU Privacy Law Targets U.S. Businesses, Too
Stiff Penalties Will Likely Force Compliance With GDPR
A sweeping new law aimed at protecting the privacy of people living in the European Union will likely force virtually all businesses – small and large – here in the United States to overhaul the way they collect and use personal information received and stored digitally, or face potentially huge fines.
The European Union’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, represents a paradigm shift in how companies across the world will be required to collect and use personal information. Its scope is not limited to companies in the EU; it covers any business that collects or processes the “personal data” of EU residents, irrespective of where in the world the company is located or if it is an online-only enterprise. Because of the inherently global nature of the internet, the GDPR’s application will arguably extend to nearly every company in the world with a website and/or an app. Furthermore, the penalties for breaching the GDPR are potentially devastating: up to the greater of four percent of a breaching company’s annual global revenue or 20 million euros.
Read entire article here.