• Startups
  • June 17, 2020

What does the GDPR mean for American companies?

The General Data Protection Regulation (GDPR) came into force across the EU last year and became directly applicable in all EU member states without the need for local implementation. This will also affect the US market and American businesses are furiously working towards compliance!

They have physically established presence in the EU, regardless of whether the processing takes place in the EU, including branches, representatives, subsidiaries, affiliates or agents;

They offer goods or services to individuals and businesses, based in the EU (whether free or paid) including websites and other online services accessed by or targeting EU based individuals or businesses, particularly in the country’s native language; or
 They monitor EU residents’ behaviour, including internet-based online behavioural advertising or profiling activities.
 EU residents’ behaviour, including internet-based online behavioural advertising or profiling activities.
Global and US-based organisations must assess whether the GDPR is applicable to their data processing operations. This includes the analysis of an organisation’s business activities and processing of personal data in that respect, looking at various process flows, including by type of data subject - customers, suppliers, third parties, such as sub-processors, employees, marketing lists and others.

“Personal data” is very widely defined under the GDPR and examples include names, email addresses, telephone numbers, financial and payment details, location data and IP address, amongst others. Broadly, if you can trace an individual from data, it means you are dealing with personal data. Examples of “processing” of personal data include collection, recording, organisation, storing, retrieving, using, disclosing or deleting.

If data processing activities of an American or global business fall within the scope of the GDPR, the business will need to invest both time and funds to have the right documents in place, including policies, privacy notices and contractual provisions.

In addition, the appointment of a Data Protection Officer may be necessary, as well as internal training to management and staff and changes to existing procedures and systems.

The consequences of non-compliance with GDPR will likely make a significant impact on any business and include:

Up to 10 million Euros or 2% of annual worldwide turnover, whichever is greater, for breaches of (mainly) record keeping, contracting and security clauses;
Up to 20 million Euros or 4% of annual worldwide turnover, whichever is greater, for breaches of (mainly) basic principles, data subject access requests, transfer to third countries and non-compliance with an ICO order (in the UK);
Management time for internal investigations and cooperation with the authorities; and
Damage to reputation
Although the GDPR compliance deadline is fast approaching it’s not too late! To consult with LawBite’s GDPR lawyer Alla Fairbrother, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.

We have also put together a special LawBite Rescue GDPR Package for clients who need a little extra last-minute help with compliance. In addition to 12 GDPR compliant templates the package contains a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £495 + VAT (versus £675 + VAT).

If you haven’t yet, please do take advantage of our next FREE GDPR Webinar on the 9th May at 12 pm you can register here.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • May 01, 2022
What are Articles of Association?

Setting up a limited company is one of the most common routes entrepreneurs take when they start their business. If you have decided to take this r...

blog image
  • By LawBite Team
  • May 01, 2022
Do I need a privacy policy on my website?

The short answer is yes, all businesses that process personal data must have a detailed privacy policy. In most cases, a privacy policy will sit on...

blog image
  • By LawBite Team
  • April 13, 2022
Understanding Conflict of Interest (COI)

One thing our lawyers consistently emphasise to our clients is the importance of having well-considered and expertly drafted documentation, for exa...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free