Should a US Website Be GDPR Compliant?

As more companies opt to take their business online, the rules of the game are quickly changing. While modern technology has given companies the advantage of easily acquiring data on their customers and using it to their benefit, concerns over privacy have recently dominated conversations on consumers’ rights. This is where the General Data Protection Regulation (GDPR) comes in: an EU law designed to give citizens of the EU more control over how their data is used, by making it easier for them to access their data and decide with whom they share it. While it is an EU law, U.S. websites collecting data from any EU citizens in an EU country are subject to it as well.

In short, it is probably in the best interest of a U.S. website to become GDPR compliant. Forbes outlines that the regulation states that failure to comply will result in fines of up to 2% of a company’s global revenue. While this may seem light to some, retail giants such as Amazon would have to shell out billions for failing to sufficiently protect customer data.

U.S.-based e-commerce, travel, and software companies will presumably have to lead the way. Although those already complying with existing data security protocols should not find it too difficult, a rule stating that “high risk” data breaches must be reported to EU regulators within 72 hours could further strain already burdened IT departments. Though authorities may be more lenient in letting IT groups decide what constitutes a “high risk” breach, the mass exposure of email addresses and other personal information (as has happened before) would certainly need reporting. In cases where information such as credit card numbers and passwords is exposed, the consumers themselves would have to be notified. Other rules in the GDPR also state that companies must make it clear to consumers what they will be doing with their data once they receive it.

Despite the difficulties for U.S. businesses, becoming GDPR compliant will save them trouble later down the line. The recent raft of data breaches and hacks has shown just how vulnerable consumers can be, demonstrating the need for more accountability and tightened security. Maryville University reveals that one tech site ranked information security third among the “technology jobs [that] hiring managers are struggling to fill” in the U.S. This demand is reflected in the increasing number of degrees and programs aimed at training new cyber specialists, as businesses fight to keep up with the changing digital landscape. It is also a reason why the EU has decided to tighten up the laws around data protection.

In conclusion, although adhering to the GDPR is not an easy task, it must be kept in mind that such a regulation exists only to protect the public. Compliance with the GDPR today gives companies the benefit of avoiding potential multi-million dollar fines and lawsuits tomorrow. More importantly, however, it also gives them the added value of being a company that consumers can trust with their information. As global concern over cybersecurity increases, a U.S. website that is GDPR compliant will be at an advantage over competitors that are not.

by: Tracy Collins, @r_am_jones

Posted in: Business Law, Internet