GDPR Enforcement in the U.S. ? | Community
Skip to main content
Betsy_Landon1
Betsy_Landon1
Level 2
March 19, 2018
Question

GDPR Enforcement in the U.S. ?

  • March 19, 2018
  • 2 replies
  • 7363 views

Can anyone provide information about (or provide a link to) how GDPR will be enforced in the U.S.?

I work for a small company with one location in the U.S. Our customers are located in the U.S. only. Sales does not pursue prospects located outside of the U.S.

People from around the world visit our website and submit forms to access gated content.

Just to be clear - my question is not about compliance. It's about enforcement, especially given my company scenario.

    2 replies

    Nicholas_Manojl
    Nicholas_Manojl
    Level 8
    March 20, 2018

    I'm not a lawyer (nor do I want to be) but it appears to me that you are not affected by the scope of the legislation and there is therefore nothing to enforce.

    But that's only prima facie based on that one paragraph you wrote. Maybe you have other factors that do require you to comply. That will require real advice from someone qualified to give advice.

      A
      Anonymous
      March 20, 2018

      Hi Betsy,

      I was explained in a GDPR training session that:

      - If a non E.U. data controller is managing personal data of a person from outside the E.U. that is outside the E.U. the moment the communication takes place, GDPR does not apply.

      - If a non E.U. data controller is managing personal data of a person from outside the E.U. that is in the E.U. the moment the communication takes place, GDPR does apply.

      - If a non E.U. data controller is managing personal data of a person from the E.U. that is outside the E.U. the moment the communication takes place, GDPR does not apply.

      - If a non E.U. data controller is managing personal data of a person from the E.U. that is in the E.U. the moment the communication takes place, GDPR does apply.

      GDPR for data controllers managing personal data applies based on where the person IS, rather than where the person is from.

      Please refer to the difference between data controller and data processor: ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-processors-dp-guidance.pdf

      Hope this helps you!

        Betsy_Landon1
        Betsy_Landon1Author
        Level 2
        March 20, 2018

        Again, I would like information about how GDPR will be ENFORCED in the U.S. for companies that do not have a presence outside the U.S. nor sell to the E.U.

        Is there or will there be any legal agreement between the E.U. and the U.S. where the U.S. government will impose penalties on behalf of the E.U.?

        I understand who it applies to and what the criteria is.

        A
        Anonymous
        March 20, 2018

        Hi Betsy,

        As I mentioned, only if the person you are targeting (although not in the EU) is in EU the moment you communicate with them will GDPR be applied.

        There is currently no further impact or implication on US data controllers not targeting EU.

        Thanks.

        Terms & ConditionsAccessibility statement

        Loading footer...