A common mistake many small US e-tailers make about the EU General Data Protection Regulation (GDPR) is believing that, because they have no EU office, they do not need to comply. That is not the case: since May 25, 2018, any organization that processes or stores EU residents’ personal data must comply with the Regulation, regardless of where the organization is located or where the data is processed.
Issues small US e-tailers face
“We have seen many small businesses … exclude EU subjects from their clientele to avoid exposure to GDPR risks. This could impact assumptions about the frictionless global nature of e-business,” commented Gartner Analyst, Andrew Frank.
Small US e-tailers have not budgeted for the GDPR and, according to Gartner, do not fully understand it. Frank also said, “the indirect costs in terms of impact on customer trust and brand reputation may be even greater.”
Cindy Zhou, principal analyst at Constellation Research, noted, “The financial penalties — 4 percent of annual revenue or 20 million euros — are large.”
US e-tailers and the GDPR
US e-tailers that actively offer goods and services to EU residents must comply with the GDPR. To find out more, register for our webinar, ‘Why should North American organizations comply with the GDPR?’, which will take place on Tuesday, July 24, 2018, 1:00–2:00 pm EDT.
The webinar will cover the following:
- Why organizations need to comply with the GDPR
- The GDPR’s requirements and how this relates to US frameworks and laws
- Data subject rights
- Breach notifications
- International data transfers
US e-tailers should strongly consider IT Governance USA’s EU Representative Service. It enables companies in North America that fall within the scope of the GDPR, and that do not have a physical presence in the EU, to meet their obligations under Article 27.