Effective 25 May 2018 , the EU's General Data Protection Regulation goes into effect. The GDPR is a big deal and quite complicated . There are 99 articles and 173 recitals defining the privacy rights of individuals and data controllersā and data processorsā obligations. Are you a U.S.-based data controller or data processor subject to the GDPR? Y ou are a ādata controllerā if you, alone or jointly with others, determine the purpose and means of āprocessingā personal data of EU individual customers or businesses. The threshold is that you offer goods or services to customers or businesses in the EU (including the UK, despite Brexit) and collect their personal data. But even if you donāt sell goods or services to EU customers but engage in marketing or monitoring activities involving EU individualsā personal data, you are covered by the GDPR. You are a data processor if you āprocessā personal data on behalf of a ādata controller,ā i.e., a data c...
Attorney Chadwick C. Busk's monthly blog/newsletter for business professionals, including information technology executives, with occasional asides to comment-worthy topics. These posts are intended to inform and entertain; I earn no revenue from them.