Effective 25 May 2018 , the EU's General Data Protection Regulation goes into effect. The GDPR is a big deal and quite complicated . There are 99 articles and 173 recitals defining the privacy rights of individuals and data controllers’ and data processors’ obligations. Are you a U.S.-based data controller or data processor subject to the GDPR? Y ou are a “data controller” if you, alone or jointly with others, determine the purpose and means of “processing” personal data of EU individual customers or businesses. The threshold is that you offer goods or services to customers or businesses in the EU (including the UK, despite Brexit) and collect their personal data. But even if you don’t sell goods or services to EU customers but engage in marketing or monitoring activities involving EU individuals’ personal data, you are covered by the GDPR. You are a data processor if you “process” personal data on behalf of a “data controller,” i.e., a data c...
Attorney Chadwick C. Busk's monthly blog/newsletter for business professionals, including information technology executives, with occasional asides to comment-worthy topics. These posts are intended to inform and entertain; I earn no revenue from them.