Yes, it applies to you. (Probably.) The GDPR applies to any business that processes the personal data of EU citizens - and it doesn’t matter where those businesses are physically located. If you handle any personal data of an EU citizen, the GDPR applies to you and you need to be sure you’re compliant.
It means any kind of data. Seriously. Any data you request of a customer that can be used to directly or indirectly identify a person is now regulated by the GDPR. Make sure you really understand what’s covered by it.
No legalese, lawyers. The GDPR requires explicit permission to process any personal data - and clear language is key in the request. This means it can’t be buried in “fine print” privacy policies or lengthy legal documents; we’re talking plain language for the “every customer.” Pop-ups are a great tool for this (and here are some samples to check out).
Here’s a handy-dandy infographic that helps break down the basics of the GDPR. For something more advanced, check out the upcoming program on GDPR Compliance in M&A Transactions, which addresses the due diligence required in nitty-gritty detail.
Shaun is the Director of Content at Lawline. She holds a JD with a certification in Intellectual Property/Entertainment & Sports Law from Seton Hall Law and is admitted to practice in New York and New Jersey. In her free time, she coaches a high school dance team and choreographs the school’s musical. She is also a passionate advocate for animals and strives to cultivate Animal Law programs, among her other endeavors with the company.