They have physically established presence in the EU, regardless of whether the processing takes place in the EU, including branches, representatives, subsidiaries, affiliates or agents;
They offer goods or services to individuals and businesses, based in the EU (whether free or paid) including websites and other online services accessed by or targeting EU based individuals or businesses, particularly in the country’s native language; or
They monitor EU residents’ behaviour, including internet-based online behavioural advertising or profiling activities.
EU residents’ behaviour, including internet-based online behavioural advertising or profiling activities.
Global and US-based organisations must assess whether the GDPR is applicable to their data processing operations. This includes the analysis of an organisation’s business activities and processing of personal data in that respect, looking at various process flows, including by type of data subject - customers, suppliers, third parties, such as sub-processors, employees, marketing lists and others.
“Personal data” is very widely defined under the GDPR and examples include names, email addresses, telephone numbers, financial and payment details, location data and IP address, amongst others. Broadly, if you can trace an individual from data, it means you are dealing with personal data. Examples of “processing” of personal data include collection, recording, organisation, storing, retrieving, using, disclosing or deleting.
If data processing activities of an American or global business fall within the scope of the GDPR, the business will need to invest both time and funds to have the right documents in place, including policies, privacy notices and contractual provisions.
In addition, the appointment of a Data Protection Officer may be necessary, as well as internal training to management and staff and changes to existing procedures and systems.
The consequences of non-compliance with GDPR will likely make a significant impact on any business and include:
Up to 10 million Euros or 2% of annual worldwide turnover, whichever is greater, for breaches of (mainly) record keeping, contracting and security clauses;
Up to 20 million Euros or 4% of annual worldwide turnover, whichever is greater, for breaches of (mainly) basic principles, data subject access requests, transfer to third countries and non-compliance with an ICO order (in the UK);
Management time for internal investigations and cooperation with the authorities; and
Damage to reputation
Although the GDPR compliance deadline is fast approaching it’s not too late! To consult with LawBite’s GDPR lawyer Alla Fairbrother, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.
We have also put together a special LawBite Rescue GDPR Package for clients who need a little extra last-minute help with compliance. In addition to 12 GDPR compliant templates the package contains a 30-minute GDPR audit consultation and 2 hours of specific GDPR legal advice for only £495 + VAT (versus £675 + VAT).
If you haven’t yet, please do take advantage of our next FREE GDPR Webinar on the 9th May at 12 pm you can register here.
Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- March 16, 2021
Every start-up business needs the law. Unfortunately, many cut corners or worse still, ignore the legal side of their business all together. Here's...
- By Lawbite Team
- November 16, 2020
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.