How US businesses can comply with Europe’s GPDP?
The United States approach to data and privacy protection, much like Europe, reflects the norms and values that shape its society. Instead of viewing privacy as an intrinsic part of a person’s honor and personality and a human right like Europe, the United States treats privacy and personal data as a commodity subject to contract law.
As information as viewed as property, the greatest threat in the US is perceived to come from government, and laws protect persons from the governmental invasion of privacy, with minimal regulation of how private parties deal with data and privacy.
Another difference between American and European data and privacy protection is the higher status allocation to freedom of expression, and particularly that of the press.
Therefore, for these reasons, the American understanding and protection and data and privacy in the US are less comprehensive than Europe, with Canadian data and privacy protections being closer to Europe. This all raises significant compliance issues by US businesses for EU General Data Protection Regulation (GDPR), particularly those businesses who rely on personal data and information.
The EU GDPR was approved by the European Parliament on April 14, 2016, and goes into effect globally on May 25, 2018. The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data and privacy laws across Europe, to protect and empower Europeans, and to reshape the way businesses and organizations approach data and privacy.
The GDPR applies to all businesses processing the personal data of persons residing in Europe, irrespective of where the business is located.
Therefore, US businesses will need to update their privacy and data policies in response to GDPR, or face fines that could be as high as the greater of 20 million euros or 4 % of worldwide annual revenue.
Required changes for US businesses are reviewing and updating data storage and data breach reporting, and individual privacy rights including: how persons provide and withdraw consent, and the right to review and delete any stored personal data.
US businesses may also be subject to more onerous requirements in specific European countries that choose to enact legislation that exceeds GDPR.
Further information available at GPDP at https://www.eugdpr.org. Please contact Alpine Law PLLC if your business is updating your data and privacy policies to comply with the GDPR.
Copyright©2018 Magdalena A K Muir