The European Union (EU) GDPR is a set of rules that require businesses to protect the personal data and privacy of EU citizens. As of 25 May 2018 all 28 EU member states will enforce GDPR, setting new standards for the way we collect, store and use data.
GDPR is built on the premise that a person’s information is owned by that individual, and that any organisation collecting personal data has an obligation to seek consent before doing so and to use and store the data responsibly and securely.
Any company that deals with European citizens' data is affected by GDPR.
Companies “processing” (collecting, storing and using) data need to become GDPR compliant. This doesn't just apply to global social networks or search engines, it applies to all businesses that interact with European consumers, distributors, partners etc.
Further, the GDPR remit extends to data that are transferred outside of the EU. A U.S. company that has no physical presence in Europe but relies on European distributors for example, is still subject to GDPR, as European data is being collected and used by that company.
According to Bloomberg companies are provisioning heavily for GDPR; hiring staff and overhauling their websites. Around 75% of US multi-nationals are preparing to spend over $1 million on GDPR compliance, with 10% of these setting aside $10 million or more.
This is because GDPR non-compliance can result in litigation, reputational damage and fines as high as $25 million, or 4% of annual worldwide revenue, whichever is higher! Find out more about the penalties for GDPR non-compliance from the European Commision.
The EU defines data in broad terms.
If data can be linked to a person, then GDPR applies. For example phone numbers, bank details, travel records, online behaviors, biometric or health related data, IP addresses and more.
Going forward, companies will have to obey strict rules about how EU citizens' data is collected, stored and used. GDPR mandates that citizens need to be informed and give consent before their data is collected. Consumers also have the option to remove that consent at any time, and retrieve, amend or delete whatever data is stored. And collection of data on children under the age of 16 is unlawful without parental approval.
You have two choices: make your U.S. website GDPR compliant, or sign up for our European GDPR Compliant Website Program.
Choice #1 - Make your U.S. website GDPR compliant. This demands GDPR knowledge, is costly and time consuming, and could negatively impact the user experience.
Choice #2 - Avoid that, and reach out to the European market with your own GDPR compliant European website. We will work with you to build and manage your website, providing you with expert help, focused on your business needs. Whether you sell directly or via distributors, a European website built to match your business strategy and export needs plays a crucial part in your international business success.
If you want to do business in Europe, a high quality European website can help you increase your visibility, build your brand awareness and grow your sales, while also helping you become compliant with European GDPR rules.
Statement of work
Want to learn more about GDPR?
Tune into this webinar to learn about GDPR, how to comply and how to thrive in the new online regulatory environment. With special experts Susanna Hardy, Chief Content Officer and GDPR Data Protection Officer at IBT Online, and Matthias Hertegonne and Liesbeth Van Den Spiegel, GDPR specialists from Brussels-based law firm VLV.