Does GDPR Apply to You?

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

The Directive did not regulate US businesses unless the collection or processing occurred within the EU (e.g., if a US-based company had a data center in the EU). Now GDPR clearly has stronger extraterritorial reach than its predecessor.

Businesses collecting and using personal data should know their GDPR obligations. Violators of GDPR face steep penalties. Regulators can fine a company up to 20,000,000 euros or 4% of worldwide annual turnover, whichever is higher.

Click here to download the full PDF version of this client alert.

Our Data Privacy and CyberSecurity Team, along with our international network, including our relationships with U.K.-based firm Bond Dickinson and Lex Mundi member firms, is available to assist and advise clients in efficiently addressing GDPR-related issues. To learn more about the issues in this client alert, please contact Ted Claypoole at or 404.879.2410.