eBooks & Reports

GDPR: What It Means for US-based Companies

Issue link: https://resources.threatstack.com/i/930602

Contents of this Issue


Page 2 of 8

HOW IT WILL AFFECT US-BASED COMPANIES The US stands to be affected directly by the GDPR because the new privacy model applies to any enterprise in the world that targets the European market in offering goods or services or profiles European citizens, and as a result, must process the personal data drawn from those member states. All companies processing EU personal information will have until May 25, 2018 to comply with the reform. Many of the companies that will be affected directly already have existing policies and procedures around privacy due to their need to be compliant with the previous Directive. It is important for these companies to note that the GDPR added new protections for EU data subjects that will require revisions of their current privacy and compliance programs. DATA BREACH NOTIFICATION The GDPR's breach notification requirements are far more prescriptive and demanding than the Directive and will likely require most US-based companies to amend their breach notification policies and procedures to comply with the GDPR. In instances where personal data freedoms and rights may be violated, data processors must notify data controllers without undue delay and data controllers must notify the supervisory authority within 72 hours. The documentation and communication of breaches must be delivered in an outlined form and adequately detail certain key information about what's occurred and how it's been handled. When the timing obligations are not met, it seems as though the GDPR has battened down the hatches of the upstream and downstream obligations and it may require organizations to slightly overhaul their data sharing relationships. However, a likely benefit to come from this effort is that companies will be able to simplify their policies and procedures so that they uniformly overarch the expectations of all EU member states and US-based companies will be able to dispatch a single notice.

Articles in this issue

view archives of eBooks & Reports - GDPR: What It Means for US-based Companies