GDPR on the Doorstep
Say your organization has no GDPR exposure today, and you are absolutely sure of that fact.
But what if, what if, what if…
What events could cause that to change?
Here are 10 business changes to look out for:
1. Expanding Business into the EU Market: If a non-EU based company starts offering goods or services to individuals in the European Union (EU), it becomes subject to GDPR. This applies regardless of whether payment is required for the goods or services.
2. Handling Data of EU Residents: If the company begins to collect, process, or store the personal data of individuals residing in the EU, GDPR compliance becomes necessary. This is true even if the company does not have a physical presence in the EU.
3. Tracking EU Residents Online: GDPR applies to companies that monitor the behavior of individuals in the EU. For instance, if a company tracks EU residents’ online activities for purposes like behavioral advertising or analytics, it needs to comply with GDPR.
4. Changes in Data Processing Activities: If a company changes its data processing activities in such a way that it now processes data on a large scale or processes certain types of sensitive data, GDPR compliance may become necessary.
5. Partnerships with EU Companies: If a non-EU company enters into a partnership with an EU company and, as a result, processes the personal data of EU residents, it must comply with GDPR.
6. Subcontracting by EU Companies: If an EU company subcontracts a non-EU company to process personal data on its behalf, the non-EU company must comply with GDPR.
7. Legal or Regulatory Changes: A change in the legal or regulatory landscape can also necessitate GDPR compliance. For example, if a country’s laws change to require GDPR-level data protection for its citizens, companies operating in that country would need to comply.
8. Increased Data Protection Awareness: Sometimes, a company may choose to become GDPR compliant due to increased awareness of data protection issues, even if not strictly required by law.
9. Mergers and Acquisitions: If a non-EU company acquires an EU company (or vice versa), or if there is a merger where either party is subject to GDPR, the resulting entity will need to ensure GDPR compliance.
10. Adoption of New Technologies: Implementing new technologies that involve the processing of personal data, especially if this includes EU residents’ data, could trigger the need for GDPR compliance.
Each of these scenarios involves significant changes in how a company handles personal data, especially concerning individuals in the EU, and thus requires careful consideration of GDPR requirements.
Note: This list is incomplete. Be sure to consult legal counsel periodically to find out if your organization’s status has changed.
For help with your GDPR compliance program, reach out to Scott Simon or Peter Schawacker. If you would prefer to have a conversation in Spanish, contact Laura María Kavanagh.
Remember: This information is for general informational purposes only and should not be construed as insurance advice. Always consult with a qualified insurance professional to discuss your specific needs and coverage options.