News top

Is GDPR to be considered in USA?

Since the General Data Protection Regulation (GDPR) is a law on privacy for all individuals within the European Union which addresses the export of personal data outside the EU and which is aimed to replace the 1995 EU Data Protection Directive, many companies outside of the EU (for example, in the US, especially those who have clients inside the EU) are not really concerned or worried about what impact it might have on their operation. However, they should be. Here is why.


To put it shortly: Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in the European Union (which currently contains 28 countries), your company is subject to the requirements of the GDPR. While the legislation applies to EU companies, it also applies to any company that chooses to do business in the EU. As simple as that. However, some clarifications are needed for that.

GDPR directly affects organizations in the U.S. if they:

  • have offices or employees in the European Union;
  • market or sell to European Union citizens;
  • partner with EU-based organizations;
  • process, store, receive, or handle in any way, data of EU citizens.


First, the law only applies if the data subjects (or simply consumers) are in the EU when the data is collected. The regulation does not apply for EU citizens outside the EU. The second point is that most business owners think that a financial transaction is necessary for the law to take place. That is not true. A transaction does not have to take place for the extended scope of the law to kick in. If the organization just collects "personal data", for example, as part of a marketing survey, then the data must be protected according to the GDPR standards.

The companies in such industries like e-commerce, logistics, software development, travel and hospitality that are based in the US and that have no physical presence in the EU should already be in the process of attaining GDPR compliance. Nevertheless, all US-based companies, especially those with enormous Internet presence, should evaluate whether their business activity falls within the territorial scope of the GDPR or they will have to face huge fines.

A simple and easy-to-use tool for this purpose is GDPRQ – which helps you assess all impacted areas by GDPR in your organization and helps with providing an action plan based on your GDPR current status. You can log in and check it now on


A honlap utolsó módosításának időpontja: 2018.09.21