Discusses the Europe-wide GDPR

The EU General Data Protection Regulation (GDPR), privacy legislation implemented by the EU in May 2018 that impacts all sectors and types of companies.  The GDPR has extra-territorial reach, which means that it might be applicable to U.S. entities even if they do not have physical presence in Europe.  In that case, such organizations need to have a representative based in Europe, or in certain cases need to appoint a Data Protection Officer.   Fines in case of non-compliance can reach up to 4% of the annual worldwide revenue or 20 million euros, whichever is higher.  Companies should consider GDPR as part of their overall compliance effort with assistance of legal counsel.   

For details on the GDPR, please consult the U.S. Commercial European Union Country Commercial Guide and Commercial Service experts at the U.S. Mission to the EU.

One element of a data privacy compliance strategy can include the EU-U.S. Privacy Shield, a mechanism designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.  Details can be found at: https://www.privacyshield.gov/welcome

Prepared by the International Trade Administration. With its network of more than 100 offices across the United States and in more than 75 markets, the International Trade Administration of the U.S. Department of Commerce utilizes its global presence and international marketing expertise to help U.S. companies sell their products and services worldwide. Locate the trade specialist in the U.S. nearest you by visiting http://export.gov/usoffices.