The General Data Protection Regulation (“GDPR”) is the privacy legal framework adopted by the European Union (EU) and enforced by member states. The European Data Protection Board was established to resolve disagreements over interpretations by the EU member state authorities.
Interestingly (and highly concerning to US companies), the GDPR applies outside the EU by virtue of its own provisions and public international law. Noncompliance may result in financial penalties, and EU individuals have the right to pursue a private legal cause of action.
The GDPR applies to companies operating within and outside the EU if the company processes the personal data of EU individuals. The GDPR applies when a company:
offers goods or services; or
monitors the behavior of individuals.
Therefore, U.S. companies are subject to the GDPR if they sell goods/services or collect personal data from EU individuals in the course of e-commerce.
If you're unsure about a contract or licensing agreement that may involve transactions within the EU, give us a call at (248) 671-4482.