Do you think because you are a US-based firm that GDPR regulations are outside your sphere of business? Wrong.
As a matter of fact, the Digital Guardian reports that some think large US companies will be targeted by GDPR regulators.
This is because many US firms have lax data protection procedures, privacy issues across platforms are new, companies are already dealing with a myriad of state privacy laws, and there have been several large data breaches in the last year. I would add to that the recent Facebook Cambridge Analytica fiasco that recently had Mark Zuckerberg testifying before Congress.
I have already written a couple of posts on prepping for GDPR that you can read here. More recent discussions have been about what some think regulators are going to be tough on when GDPR goes into effect. Many of us think it is probable that the regulators will be going after large firms, rather than mid- to small-size firms, in the beginning. They will probably also target:
- Firms not doing anything to get into compliance
- Firms that can’t show why/how/where they are collecting data
- Firms with pre-checked boxes on their web forms
- Data breaches
Some think that regulators will encourage compliance by proactively enforcing the laws.
So, I think the key right now is to continue your GDPR preparations. (I hope you have started by now!) Document your efforts to show that you are trying to get into compliance.
The journey continues.
DISCLAIMER: I am not an attorney, so this should not be construed as legal advice. This post is MY interpretation of what I have learned about GDPR so far, as a marketer who tries to stay on top of audience development and marketing issues. Any legal instructions should come from an attorney with knowledge of GDPR regulations.