You may have heard a lot of noise leading up to the May 25, 2018 effective date of the General Data Protection Regulation, or GDPR. Here is a link to an excellent article on the subject by attorney Kyle Westaway. He titles it “GDPR for U.S. Start-ups,” but I think every U.S. business should take time to understand (1) what the GDPR is; (2) whether it applies to them; and (3) even if it doesn’t apply, whether it makes good business sense to comply anyway. https://westaway.co/gdpr
From the Westaway article’s introduction:
“The General Data Protection Regulation (GDPR) is an updated privacy law for the digital age. At its core, GDPR is a new set of rules designed to give EU citizens more transparency on what data they are sharing, how it’s being used and granting more control over their personal data. The rules simplify and make clear the obligations of businesses and the rights of individuals in the digital economy. The regulation takes effect on May 25, 2018. If the GDPR applies to you, you’ll need to make sure your systems are in place immediately.”
Here’s another reason for non-covered U.S. companies to consider complying now. I noticed Isaac Kohen’s June 4, 2018 article in CSO Online titled “The Impact of GDPR on U.S. Cybersecurity.” https://www.csoonline.com/article/3277614/privacy/the-impact-of-gdpr-on-us-cybersecurity-policy.html
The subhead is what really caught my eye:
“With the GDPR in full effect, expect to start seeing an impact in the US sooner vs. later. All it will take is the next major data breach for the American public to start demanding ownership of their personal data.”
I think there are some strong reasons for non-covered companies to implement GDPR right away. What would be some strong reasons against implementing it? Drop me a line!
Please note: the above post contains educational information. It is not intended as legal advice. Engage an attorney who is licensed in your state to get advice on dealing with any specific legal issue.
© 2018 Michael S. Oswald