GDPR: US-Based Businesses Need To Know

The passing of GDPR legislation in the European Union (EU) has changed the way businesses and websites need to do business in order to protect the personal information of consumers and site visitors. While US-based business owners may not think it applies to them, you need to think twice. Websites that attract a global audience may need to comply with certain GDPR regulations or risk being blocked so that citizens of the EU can no longer see your content.

Overview

What Exactly Is GDPR?

Does the GDPR Apply to US-Based Businesses?

How to Comply with GDPR Regulations

Heavily Impacted Industries and Compliance

Complications and Consequences

What Exactly Is GDPR?

GDPR stands for General Data Protection Regulation. All companies that do business within the 28 EU member states must comply with the new legal framework. The GDPR was adopted in 2016 to replace the Data Protection Directive, which had been implemented a little over 20 years earlier and was considered extremely outdated.

As a directive, the original Data Protection Directive allowed for member states to customize the rules and regulations to meet their own unique needs. The GDPR is a regulation that does not allow for any customization or leeway at all; all of the EU’s member states must fully comply.

The GDPR is rather lengthy, with a total of 99 articles that describe all of the regulations and how they obligate business owners and protect individual rights. Most notable is the fact that personal information or data of EU citizens that is imported from various locations and countries outside of the EU must also be protected.

Does the GDPR Apply to US-Based Businesses?

Absolutely. US-based businesses need to pay special attention to the GDPR. If your business or website touches the data of a EU citizen in any way, shape, or form, whether you are aware of it or not, your business must be GDPR compliant. US-based airlines, hotels, and businesses of all kinds must handle the information of EU citizens in a way that complies not only with their own local laws, but with the GDPR as well.

There are certain pieces of personal data that are very specifically outlined by the GDPR.

These include:

Anything personally identifying (birthdates, SSNs, addresses, and names)
Health information, including genetic testing and other forms of data
Anything that is web-based, including IP addresses and cookies
Information regarding sexual orientation and/or gender
Ethnic and racial information
Biometrics
Political information

There are certain criterion for identifying whether you must comply with GDPR. Be aware that you should use these as a guideline, but don’t assume you are safe just because none of these entries apply to you. You should always speak with a lawyer to be sure.

The criteria for businesses that must comply with GDPR include:

Processing the personal information of EU residents, whether your business has a presence in the online space or not. E.g., processing catalogue orders or sending out products through the mail.
Having a business with a presence in a member country (any country that falls under the European Union or EU). Find the full list of countries
Having more than 250 employees and/or having less than 250 employees (if the information you regularly collect can impact a citizen’s rights).

How to Comply with GDPR Regulations

When GDPR first went into effect, you probably received a dozen or more emails from companies you do business with letting you know that their privacy policies had been updated.

Even Facebook prompted users to review their privacy settings, putting special emphasis on what information advertisers could see and how they could be targeted.

This made sense at the time because repercussions were VERY serious. Any US-based business with a web presence needs to be in compliance with GDPR regulations at all times; ignorance of the law or regulation will not protect you.

The first thing to remember is that if the EU citizen who is using your website is physically in the EU at the time, your website must comply. If the EU citizen is not physically within the EU at the time they are using your website – perhaps they are visiting the United States – GDPR regulations do not apply.

The second thing you need to know is that there does not need to be a financial exchange for a product or service for GDPR to apply. Marketing surveys, email newsletters, and any forms that collect data require you take action to protect the EU citizen’s personal and private data.

Where things become more confusing is that your website needs to specifically target EU members in order for GDPR to apply. For example, if you are a small B2B organization with an English website that is really geared towards US consumers but a person living in a EU country finds your website and wants to make a purchase, you do not need to be in compliance with GDPR.

If your website specifically targets, in any way, to EU countries, via language and other campaign goals, you must comply. Accepting another country’s currency, having an alternate domain with another country’s web suffix, or having content written in another country’s language makes you complicit as well.

Heavily Impacted Industries and Compliance

The most impacted US-based industries known for doing international operations are those that all into the hospitality industry and travel. Companies that deal in e-commerce, technology, and software should be especially conscious as well. Any website owner who could potentially market in the EU should review their website and organizational practices to be sure they are compliant.

The biggest issue with compliance is that consumers must be able to give consent. There are specific criteria for ensuring consumers are informed and the language must be unambiguous. In other words, clients get to opt-in; you do not get to force them to opt-out.

Even if a customer were to make a purchase from you, doing so does not give you permission to add them to a mailing list and continue to make contact via email promotions. A customer must have a box to check to give permission – no exceptions.

Not sure how to implement opt-ins? Call us at the Sachs Marketing Group office. Through our web design service, we can help you optimize and adjust to ensure opt-ins are present without distracting from conversions.

Complications and Consequences

The documentation and articles that make up GDPR is lengthy, complicated, and can be relatively confusing to the average business. If you have any doubts at all, contact a lawyer with experience in ecommerce and GDPR regulations.

Failure to secure consumer data or to respond appropriately to potential breaches (within 72 hours, usually) can result in hefty fines and penalties. There is no room for error when it comes to securing the personal data of consumers anywhere, but those protected by GDPR are watching carefully for any breach in protocol. Take the steps you need now to revamp your web practices, guidelines, and internal policies so that you don’t end up in news headlines later.

Alex Aller

2023-08-09

Our rep, Chris, has been a pleasure to work with. He is extremely knowledgeable in SEO and fast acting with strategy around competitors. Sachs has been instrumental in our e-commerce endeavors!

diane flinn

2023-01-11

Great follow up and customer service. Excellent SEO.

Caryn Fettner

2022-09-13

Eric and his entire staff were wonderful right from the get go (with special shout outs to Kirby, Tyson & Abbie!) - Everyone has been a pleasure to work with! Their response time, insight and creativity have all been above and beyond. We are so happy with how our website came out and are looking forward to embarking on the SEO portion. I will definitely be recommending Sachs Marketing Group to anyone that is looking for marketing services!

Georgina Robles

2021-12-09

Sachs is a phenomenal marketing group. They are quick to problem solve and are super communicative. I appreciate working with them entirely.

April Davis

2021-08-27

Sach’s Marketing Group goes above and beyond! Their knowledge and expertise truly elevated our standing in google and pushed us up to be #1 for weeks now! It was a daunting couple of months to be at the bottom of google pages until Sachs team came to the rescue! Thank you Eric and team - from a personal level to professional you guys are THE BEST! ✨🙏🏽✨

Gigi

2021-07-05

If you’re looking for an SEO company that does everything from creating website to search engine optimization they’re amazing ! the fact that you get your own dedicated agent that will always answer your emails is also fantastic the owner Erick is always just an amazing person. I have probably been a difficult customer but they were always so kind and understanding. I will always go to them for any SEO services.

Stephanie Hyde

2021-05-22

Amazing experience, highly recommend Sachs Marketing!!!

John Kipner

2021-05-20

Very responsive and good at what they do.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

GDPR: What US-Based Businesses Need to Know

What Exactly Is GDPR?

Does the GDPR Apply to US-Based Businesses?

How to Comply with GDPR Regulations

Heavily Impacted Industries and Compliance

Complications and Consequences

Leave a ReplyCancel reply

Eric Sachs