Got Personal Data?

How American Companies Can Adhere to the European Union’s New Consumer Privacy Regulations on the World Wide Web

In May 2018, the European Union (EU) sent a clear message to the world that it will support and protect the privacy of its citizens on the World Wide Web with its new General Data Protection Regulation (GDPR). The goal of the new regulation is not only to protect the privacy of EU consumers but also to streamline the rules for international companies participating in the online marketplace.

International companies have two years from May 2018 to comply with the regulation, or they could be fined up to 4% of the company’s yearly international gross assets for non-compliance.

To date, EU fines have had a tremendous economic impact on American-based companies such as Facebook and Google. Facebook’s stock plunged 20% (losing $16 billion in one day) on the heels of EU fines totaling $122 million for data breaches. Facebook now faces lawsuits from investors who claim that its value was inflated by its chief financial officer and its CEO, Mark Zuckerberg. The EU also imposed more than $5 billion in fines on Google for mobile use violations. These fines are not merely symbolic or a warning. The EU is making it crystal clear on the world stage that it wants privacy for its citizens and that it will pursue companies that do not comply with the new regulation.

  • What is the specific data GDPR protects?

The personal information of EU citizens, including names, addresses, birth dates, number of children, salaries, and other personal data.

  • What are GDPR’s requirements for subcontractors?

A company that collects the personal information of EU citizens must require any subcontractor with access to that data to honor the company’s privacy policies.

  • What does this mean for U.S. companies that do business with EU citizens?

First, a company should assess its data collection practices and how the collected data is used. Second, a company should create a plan of best practices for handling and storing sensitive personal information, such as credit card information.

Finally, a company should clearly communicate to its EU consumers, in plain language, how it uses and stores their personal information and how long that information is kept.

American companies will need to balance compliance with the new EU privacy regulation against creating effective marketing plans for European consumers. Companies may choose to collect less personal information, gathering only what is needed for a transaction. This “less is more” approach may help companies develop more meaningful customer engagements that result in longer-term customer relationships.

For more information and resources on the GDPR, check out the following websites:
https://www.privacyshield.gov/US-Businesses

https://www.eugdpr.org

https://gdprchecklist.io/#accountability-management

Please contact my office at virginia@virgielaw.com or 530-802-0640 if you would like us to help you review and update your privacy policies and practices.

Virginia Ryan provides business law and estate planning services to clients in Northern California, including Auburn, Grass Valley, Nevada City and Truckee.