GDPR’s Global Reach: What Non-EU Businesses Need to Know

GDPR-Global-Reach
, - May 02 2018
GDPR’s Global Reach: What Non-EU Businesses Need to Know

The EU’s General Data Protection Regulation (GDPR) is just a few weeks away, with European companies putting the final checks in place to ensure compliance before the deadline on May 25th. However, it’s not just Europeans who need to make inroads into becoming compliant - GDPR will have repercussions for businesses around the world. If you have customers in Europe, don’t fall into the trap of thinking that these new data regulations won’t affect you.

Some quick background reading - GDPR is designed to protect the privacy and personal data of EU citizens. In order to collect and/or otherwise handle EU users’ data, companies will have to offer an explicit opt-in consent notice, presented in clear, easy-to-understand language. This cannot be tucked away and bundled in with other terms & conditions. Should a user decline, a company cannot collect data and assume consent; a practice that has been commonplace until now. A serious breach of these conditions set by GDPR could result in fines of either €20 million ($24.7 million/£17 million) or 4% of total global revenue - whichever equates to more.

For more on GDPR, its consequences, and how Ogury is 100% compliant read our blog post here.

EU Law, Global Reach

While companies in the EU have been busily preparing themselves for this seismic change in data privacy legislation, many based on other continents have been going about their business largely unaware. However, despite being outside of GDPR’s immediate jurisdiction, businesses based in countries beyond the EU will also be affected due to their ties with Europe.

The new regulation will affect any business that deals with the data of EU citizens, and as such, the majority of medium and large companies will have to comply. Pragmatically, enforcing fines internationally might prove difficult, and the logistics of doing so have been the subject of wide debate. Nevertheless, with penalties like these on the table, non-compliance is not a risk worth taking.

Despite being one of the farthest-reaching legislative changes in recent times, the extent of GDPR’s effects remains unknown to many. A number of reports state that between 50% to 55% of US companies don’t think they will be affected by GDPR and consequently don’t have a compliance plan in place. Many businesses in the USA’s northern neighbor, Canada, appear equally underprepared, preferring to adopt a ‘wait and see’, reactive approach.

A recent EY report indicated that most other countries are in a similar position - with just 33% of survey respondents having a plan in place for GDPR. Another EY study revealed that only 12% of Asia-Pacific businesses are GDPR-ready, exemplifying the lack of global awareness for how GDPR will affect more than just Europe.

Most press coverage of the subject to date has broadly portrayed GDPR as a Europe-only regulation. Now that the deadline is fast approaching, with the implications in sharper focus, the realization has dawned on companies around the world that they are potentially vulnerable to accruing hefty fines and other punitive measures.

Ogury - Compliant by design

As an EU-based company, GDPR has been on our radar since the legislation was passed. From our early beginnings in 2014 - well before GDPR was in contention - we have prided ourselves on being 100% upfront with our users, championing opt-in data collection and prioritizing users’ rights. As a result, unlike others in the market, there’s no last-minute legwork required to avoid repercussions. More importantly, our users are being served higher quality, truly targeted ads, safe in the knowledge that their data is not being misused.

With other international communities likely to create their own versions of GDPR, getting smart on data protection now will leave international companies in good stead for future cross-territorial data protection regulations.

Given the dramatic news headlines of late surrounding data privacy, GDPR couldn’t come at a better time. Its cross-continental repercussions could be a blessing in disguise, as it forces prominent, powerful companies to reconsider how they obtain and use personal data. With only a couple of weeks until the deadline, it’s crucial that companies across the globe wise up on compliance in time. Don’t be put off by the apparent complexity of GDPR; seize this opportunity to open a more honest dialogue with your consumers, both at home and abroad.