Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar

Re: GDPR Enforcement in the U.S. ?

Betsy_Landon1
Level 2
Level 2
‎03-19-2018 01:27 PM
‎03-19-2018 01:27 PM

GDPR Enforcement in the U.S. ?

Can anyone provide information about (or provide a link to) how GDPR will be enforced in the U.S.?

I work for a small company with one location in the U.S. Our customers are located in the U.S. only. Sales does not pursue prospects located outside of the U.S.

People from around the world visit our website and submit forms to access gated content.

Just to be clear - my question is not about compliance. It's about enforcement, especially given my company scenario.

Labels:
Tags (3)
5,121
Reply
8 REPLIES 8
Nicholas_Manojl
Level 9
Level 9
‎03-19-2018 10:30 PM
‎03-19-2018 10:30 PM

Re: GDPR Enforcement in the U.S. ?

I'm not a lawyer (nor do I want to be) but it appears to me that you are not affected by the scope of the legislation and there is therefore nothing to enforce.

But that's only prima facie based on that one paragraph you wrote. Maybe you have other factors that do require you to comply. That will require real advice from someone qualified to give advice.

3,637
Reply
Anonymous
Not applicable
‎03-20-2018 05:46 AM
‎03-20-2018 05:46 AM

Re: GDPR Enforcement in the U.S. ?

Hi Betsy,

I was explained in a GDPR training session that:

- If a non E.U. data controller is managing personal data of a person from outside the E.U. that is outside the E.U. the moment the communication takes place, GDPR does not apply.

- If a non E.U. data controller is managing personal data of a person from outside the E.U. that is in the E.U. the moment the communication takes place, GDPR does apply.

- If a non E.U. data controller is managing personal data of a person from the E.U. that is outside the E.U. the moment the communication takes place, GDPR does not apply.

- If a non E.U. data controller is managing personal data of a person from the E.U. that is in the E.U. the moment the communication takes place, GDPR does apply.

GDPR for data controllers managing personal data applies based on where the person IS, rather than where the person is from.

Please refer to the difference between data controller and data processor: https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-processors-dp-gu...

Hope this helps you!

3,637
Reply
Betsy_Landon1
Level 2
Level 2
‎03-20-2018 05:53 AM
‎03-20-2018 05:53 AM

Re: GDPR Enforcement in the U.S. ?

Again, I would like information about how GDPR will be ENFORCED in the U.S. for companies that do not have a presence outside the U.S. nor sell to the E.U.

Is there or will there be any legal agreement between the E.U. and the U.S. where the U.S. government will impose penalties on behalf of the E.U.?

I understand who it applies to and what the criteria is.

0 Likes
3,637
Reply
Anonymous
Not applicable
‎03-20-2018 06:31 AM
‎03-20-2018 06:31 AM

Re: GDPR Enforcement in the U.S. ?

Hi Betsy,

As I mentioned, only if the person you are targeting (although not in the EU) is in EU the moment you communicate with them will GDPR be applied.

There is currently no further impact or implication on US data controllers not targeting EU.

Thanks.

0 Likes
3,637
Reply
Grégoire_Miche2
Level 10
Level 10
‎03-20-2018 09:06 AM
‎03-20-2018 09:06 AM

Re: GDPR Enforcement in the U.S. ?

Hi Betsy,

Cross border law enforcement and extraterritoriality is quite difficult to enforce. 2 examples:

  • US citizens who have been living outside of the US and who "forgot" to send their tax sheet to the IRS. There real problems occur the day they decide to visit their family in the US.
  • Large non-US banks being sued in the US, after the 2008 crisis or for doing business in forbidden countries. They have no choice but coming to a settlement with the US gov because they have some key activities (such as trading) in the US that would have been threatened otherwise.

So, as long as you do not intend to do any business in the EU, you are quite safe. The problem will  occur the day you start shipping goods to the EU or want to open an office there. That day, you might get into trouble for non compliance from the past years (I do not know what the limitation period is for GDPR breaches).

Another consideration you might have is about whether or not the US will in the future adopt a regulation similar to the EU's GDPR. Good question, and I do not have the answer but one thing is sure, the companies that already comply with GDPR will have a easier life when and if that time comes.

-Greg

3,637
Reply
Betsy_Landon1
Level 2
Level 2
‎03-23-2018 06:46 AM
‎03-23-2018 06:46 AM

Re: GDPR Enforcement in the U.S. ?

We sell services only and will never sell products.  I think we are safe for now. Greg, your reply is helpful.

0 Likes
3,637
Reply
Dan_Stevens_
Level 10 - Champion Alumni
Level 10 - Champion Alumni
‎03-23-2018 07:11 AM
‎03-23-2018 07:11 AM

Re: GDPR Enforcement in the U.S. ?

GDPR doesn't distinguish between products or service providers.  For example, we sell cloud/IT/digital services - we don't have a product - yet, GDPR applies to us fully.

0 Likes
3,637
Reply
Grégoire_Miche2
Level 10
Level 10
‎03-23-2018 07:11 AM
‎03-23-2018 07:11 AM

Re: GDPR Enforcement in the U.S. ?

Hi Betsy,

Selling services or products does not make any difference with regards to the GDPR

It's to whom you are selling that matters, and more precisely where these people are located.

-Greg

0 Likes
3,637
Reply
Home