There’s been a lot of buzz lately surrounding GDPR and how it will affect online business owners in the U.S. Below is a solid GDPR summary from an attorney, recommended by Nicholas Kusmich (best FB ad guy out there right now IMO).
Let’s start with what it is:
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
I am taking a relaxed approach to these upcoming changes. We should use it as a quality check on what we’re doing and do it right, but realistically, I don’t foresee a bunch of small marketers in the U.S. getting “hurt” over this. Here is a quick summary of Mr. Kusmich’s assessment that supports my advice for U.S.-based online business owners:
• The GDPR applies to all companies processing the personal data of subjects in the EU, regardless of the company’s location.
  o BUT: Those data subjects must be targeted.
  o The GDPR does not kick in where an EU resident merely happens upon your site via Google search.
  o Some evidence of targeting of EU consumers could include accepting the currency of an EU nation, providing marketing content in an EU nation’s language, or having a domain suffix that corresponds with an EU nation.
• The extent to which GDPR will apply to your business likely depends upon the extent to which your business targets EU citizens, and how much personal data you collect and use.
• If you do not accept payment in Euro, target or solicit EU citizens, or otherwise take action to make your services accessible to EU citizens, it is possible that your operations will fall outside of the GDPR’s mandates.
You can read the full legal assessment here: GDPR