I'm not an expert on this but I think the GDPR will impact any organization that uses data from European consumers, which includes the use of data in targeting consumers for marketing campaigns (i.e. an "active" business activity) and gathering information based on their user behavior (i.e. a "passive" business activity). Even if your business isn't actively trying to do business in the EU then you could still be inadvertently/ passively collecting data on European leads (ex: tracking web activity with cookies), and this might be a problem even if they're just a prospect in your database. Maybe someone can confirm?
HI Taryn Spiller,
I am also no legal expert on this, but we do not do business outside of the US. There is a small chance we would every have people from Canada or Mexico in our database, but almost no chance anyone from the EU. But as a safety precaution what I've been recommending is that we just have campaigns that delete any and all leads that come in from the EU.
1 of 1 people found this helpful
The GDPR is about anyone who would be a resident in the EU, whatever their citizenship, and not about EU citizens.
This being said, the risk is almost null until you decide to open an office or simply do business in Europe, as it's not realistic that any EU citizen will sue a US or Canadian company. The day you start having some business in the EU, everything changes.