The GDPR’s extraterritorial scope makes it applicable to all businesses, including those in the United States, as long as they gather information from “data subjects in the Union” and engage in “professional or commercial activity” with 250 or more employees.

For instance, if your website collects visitor data via cookies, then GDPR applies to all visitors from the EU and UK. Noncompliance can result in fines.

How GDPR Is Enforced on U.S. Companies

GDPR applies to non-EU companies if they offer goods or services to EU residents or monitor their online activities. Any US company subject to the GDPR has to meet the same strict requirements as companies in the EU.

For instance, if you have a website in the official language of any EU member state or offer prices in Euros, you’re deemed to be targeting EU citizens and are subject to the GDPR.

To comply with GDPR as a US company, you can use the following checklist, with the advice of your local privacy counsel:

    • Designate a data protection officer to oversee all EU residents’ data

    • Inform consumers how you’re collecting their data and for what purposes

    • Have a data processing agreement with your vendors

    • Review your data processing protocols and tighten security

    • Identify steps to follow in case of a data breach

    • Observe cross-border data transfer rules

    • Appoint an EU representative


Complying with GDPR cookie consent means your users must explicitly agree to the storage of cookies on their devices. You can implement this by getting users’ consent through a checkbox, a button, or acceptance of a GDPR notification.

Following the above GDPR compliance checklist and consulting your local privacy counsel could help reduce the risk of EU regulatory action.

Fines for Non-Complying U.S. Companies

It pays to be GDPR compliant, given that US companies found to be breaking GDPR can rack up fines of up to €10 to €20 million, or up to 4% of the company’s annual revenue.


About the Author: Marc Parrish

Marc Parrish, Founder and CEO of PieEye INC., is a seasoned marketing expert with a rich history in the industry. Holding an MBA from UCLA and a background in Mechanical Engineering from the University of Michigan, Marc's expertise spans interactive marketing to product marketing. Based in San Francisco, his insights into the digital transformation of the U.S. retail sector are deeply informed by his vast experience and passion for various social causes.
