GDPR for Newbies

Handle EU data? You need GDPR compliance.

Insight from the European Data Protection Board (EDPB)

GDPR applies to US companies if they so much as look at an EU citizen's data. Non-compliance can result in fines of up to 4% of global revenue or €20 million, whichever is higher.

Collecting email addresses? GDPR.

Tracking IP addresses? GDPR.

Thinking about Europe? GDPR, believe it or not.

Compliance involves a fun little to-do list:

  • Conduct a comprehensive data audit to document what personal data you collect, process, and store.

  • Implement robust security measures, including encryption, for all personal data you handle.

  • Establish processes to promptly respond to user requests for data access, deletion, and portability.

Oh, and you might need to appoint an EU representative. It's like having a pen pal, but with more legal responsibilities.

But fear not!

You can always outsource this to one of the many compliance vendors that will handle the whole process for you (Drata, for example).

Or, you can always sell only to Americans (at least you don’t have to convert anything to the metric system 🇺🇲).
