If your company has one or more establishments in the EU, you have probably heard of, or even started preparing for, the implementation of the General Data Protection Regulation (GDPR), which will apply as from 25 May 2018.
But even if your company is not established in the EU, the GDPR may be relevant for your company.
The territorial scope of the GDPR is broad. Anyone actively offering goods or services to citizens in the EU is caught by the GDPR. This also applies to organisations that monitor the behaviour of individuals in the EU.
Some examples of situations in which the GDPR will or may be triggered:
- Your headquarters are based outside the EU, but you work closely with an EU sales agent or EU subsidiary that enables you to sell your products or services to EU customers (note: this also applies in the case of B2B)
- Your headquarters are based outside the EU, but you have a website on which you target EU customers to buy your products or services
- You outsource your HR administration to an EU-based company
- You use a data center in the EU for your global CRM database
- You use online profiling techniques with respect to EU citizens
Turn a necessity into an opportunity
GDPR compliance has become a boardroom topic, mainly because of the severe sanctions for non-compliance (fines as high as EUR 20 million or 4% of the annual worldwide turnover). But when dealing with the EU, GDPR compliance could also be a business opportunity and competitive advantage. The GDPR can be considered among the highest data protection standards, making your business dealings and the exchange of data involving the EU smoother and easier.