GDPR Privacy Legal Consulting offers expert guidance and support to help US businesses that handle EU citizens' data comply with EU regulation.
Some ideas on how to improve your business with GDPR Privacy Legal Consulting
Yes. The European Union's General Data Protection Regulation (GDPR) applies to all companies, regardless of location, that process individuals' personal data within the European Economic Area. This means that if your U.S.-based company collects, stores or uses personal data of EU citizens, it must comply with the GDPR.
The GDPR gives individuals a number of rights with respect to their personal data. These include the right to be informed, the right of access, the right to rectification, the right to erasure ("right to be forgotten"), the right to restrict processing, the right to data portability, the right to object, and rights related to automated decision-making and profiling. To ensure that these rights are respected, your company must have procedures in place to receive and respond to requests from individuals exercising their rights, and ensure that your systems allow for the enforcement of these rights.
Under Article 27 of the GDPR, companies based outside the EU that process personal data of EU residents may need to appoint an EU representative, unless the processing is occasional, does not involve large-scale processing of special categories of data, and is not likely to pose a risk to the rights and freedoms of individuals. This EU representative will act as a contact point for supervisory authorities and individuals in the EU.