Saturday, July 1, 2017

Need For Compliance With GDPR Is Beyond Any Organization's Control

When non-European organizations first heard of the General Data Protection Regulation (GDPR), they may have understood it as a European regulation only - and therefore considered it not to be applicable to their business. However, looking closer, it became clear that GDPR applies to all organizations worldwide doing business with European residents.

Again, many organizations that do not offer their goods and services to European residents concluded they would not be affected. Wrong!

Let's assume the following scenario: It's 2018, and a local bank in Vermont (USA) offers, besides other banking services, mortgages to homeowners in the region. Tim S. recently bought a new home, which the bank financed. As happens in real life, Tim today accepted an attractive professional assignment in Europe for one year. Since he will work abroad only for a limited period of time, he decided to keep his house in Vermont. Tim accordingly continues to pay his mortgage, has a neighbor take care of his house during his absence, and looks forward to enjoying his home after his return.

Impact on Tim's bank in Vermont: During the time of his assignment in Europe, Tim will be a European resident and therefore be protected by the GDPR, or - in other words - the GDPR is applicable to Tim's bank in Vermont.

Conclusion: The above scenario demonstrates that the need to comply with the GDPR is beyond (almost) any organization's control and that it solely depends on where their clients decide to reside - the customer is king.

[Legal disclaimer: This blog post is not intended to be legal advice, but to raise awareness that consulting a lawyer is recommended.]
