If you own a business in Florida, you likely worry about complying with the law. Maybe you already consulted an attorney to ensure that you follow legal employment requirements under Florida and U.S. laws. It might surprise you that you could still violate a European law, which can have consequences for your business operations. In this article, we look at the European Union’s General Data Protection Regulation (GDPR) and how it impacts your business.
What is the General Data Protection Regulation (GDPR)?
The GDPR is a regulation passed on May 25, 2018, by the European Union that protects a European resident’s data. It restricts how a company, even a non-European one, gathers and uses the data from a European resident. A company, even one outside of Europe, can be fined millions of Euros for failing to comply.
What Data Does It Cover?
The data that the GDPR covers is anything that can identify a person. Some examples are names, email addresses, physical addresses, and/or phone numbers. Additionally, the regulation protects payment information, such as a credit card used to make a purchase. Some things that most businesses might not consider important data for their records are also included, such as the client’s internet provider address.
Does GDPR Cover Only Electronic Data?
The GDPR protects any data of a European resident, not just digital. If a European client calls your business and you take handwritten notes to process the order, those handwritten notes would also fall under the law.
Does GDPR Only Apply to Interactions Between the Business and the Client?
This is where many businesses might get into trouble. GDPR covers the data collected between the business and the client and includes any internal communications within the business concerning the client. For example, a European client places an order with a sales representative at a business based in Florida. Then, while ensuring the order is correct, someone sends an internal message to the business’s finance department. That internal message concerning the European client’s order may be subject to GDPR protections.
Beyond Protecting Personal Data, What Else Does GDPR Do?
Beyond placing a requirement on businesses to take exceptional care in protecting a European resident’s data, it puts a condition on the company to inform the client why they are collecting the data and how they will use the client data in the future. It also requires the business to erase or destroy all data related to the client if the client requests the business to do so and the data is not relevant to the business.
What are the Penalties of Violating GDPR?
Any company that violates GDPR faces fines of whichever value is higher: 4% of annual global revenue or 20 million Euros.
Can a Business Hire a Third Party to Handle GDPR Compliance?
Although you can contract many businesses to handle GDPR compliance, the liability falls to the business that the European client is contracting with. In other words, if the third party fails to comply, your business will be held liable, not the third party.
Ensuring that a business is in GDPR compliance can be handled by an experienced attorney who is competent in business law. The lawyers at Dowd Law are familiar with the requirements of GDPR compliance and can ensure your business complies with the law. Contact Dowd Law for a consultation on any legal issue that may impact your business.