If you assume that you do not need to comply with a regulation passed by the European Union (EU), you are wrong. Companies in the United States, including South Carolina, may be required to comply with the data privacy measures of the GDPR or face substantial fines. If you are unsure whether you need to comply with the GDPR or if you have questions about the regulation, call our South Carolina business compliance lawyer for more information.
What is the GDPR and What Businesses Will Be Impacted?
The General Data Protection Regulation (GDPR) is a set of standardized data privacy measures to protect citizens and residents in the European Union (EU). Violations of the GDPR could result in fines of four percent of the business’s annual gross global revenue or EUR 20 million. Therefore, it is important for companies in South Carolina to understand if they need to comply with the conditions and terms of the GDPR.
Companies that collect and store the personal information of EU citizens, process the personal information of EU citizens, or conduct business in the EU are impacted by the GDPR, even if the home country for the business is not within the EU. Companies and entities that may be impacted include online companies, companies that ship overseas, government agencies, and any business that receives or collects the personal information of EU citizens. In addition, companies that are “processors” of data, such as IT companies, are also included in the GDPR.
Some questions you can ask yourself that will help you know if your company must comply include:
- Do you or your company sell items or offer services to anyone living in a member state of the European Union?
- Does an agent for your company operate from the EU?
- Does your online e-commerce site offer pricing for goods and services in Euros?
- Does your company provide services that allow you access to personal data for another company that collects personal data from EU residents?
- Do you or your business monitor the behavior or collect data on EU residents?
The above list is not an exhaustive list of conditions that might require you or your company to comply with the GDPR. If you answered yes to any of these questions or you are unsure whether the GDPR applies to your business, call our South Carolina business compliance lawyer for assistance.
Responsibilities and Duties Under the GDPR
It is extremely important that you understand what you should do to protect an EU resident’s personal data to avoid fines and penalties for non-compliance. Some of the things that you might be required to do if you have personal data from EU residents include:
- Delete personal data upon request of the individual;
- Keep detailed records of the data you collect or process;
- Collect personal data through opt-in consent of the parties;
- Perform assessments for data protection; and,
- Notify individuals of a data security breach within 72 hours of the breach.
There could be additional responsibilities that your company may have under the GDPR. Contact our South Carolina business compliance lawyers at Willcox, Buyck & Williams, P.A. to discuss steps you need to take to protect your company from liability.