The GDPR imposes extensive obligations on companies in the EU that collect, use, or otherwise process personal information. The GDPR is designed to provide individuals located in the EU with greater protection of their personal data. Many small and medium-sized closely held U.S. companies automatically assume the GDPR does not apply to them. However, the GDPR’s reach may extend to certain U.S. companies that would not ordinarily expect to be subject to European data privacy laws. Smaller, non-international companies or those that handle a relatively small amount of data relating to the EU or its citizens may be the most likely to be caught unaware under the GDPR.
With possible penalties of up to €20 million or 4% of global annual revenue for non-compliance, companies cannot ignore the GDPR. Meyers, Roman, Friedberg & Lewis’ Cybersecurity team has experience advising companies across industries with respect to their cybersecurity and data protection needs and, as you continue to assess your obligations, we would be happy to speak with you if we can assist.