GDPR in the USA

Lee Webster
September 21, 2022

The European Union’s General Data Protection Regulation (GDPR) requires companies to take extra steps to protect user data and give users more control over their information. For US companies that do business in the EU, GDPR compliance is mandatory. But even if your company doesn’t have any customers in Europe, you may still need to comply if you collect or process the data of people residing in the EU.

The regulation applies to any company that processes or intends to process the data of people residing in the EU, regardless of whether the company is based inside or outside the EU. This includes companies that store or process data in the EU, as well as companies that offer goods or services to EU citizens.

So what does GDPR compliance entail?

  • First, companies must get explicit consent from users before collecting, using, or sharing their data.
  • Second, companies must provide users with clear and concise information about their data rights under GDPR.
  • Finally, companies must take extra steps to protect user data from accidental or unauthorized access, destruction, or loss.

If your company processes the data of EU citizens, you need to take steps to ensure that you're compliant with GDPR. Ignoring the regulation could lead to hefty fines, and it could damage your company’s reputation. But there's a solution that many companies are turning to: using an automated privacy policy. Privasee offers peace of mind by maintaining your policy remotely so that it is up to date at all times. They offer a 'set it and forget it' system: you simply add your tools and allow the tool to create a bespoke policy for your website, then paste the code and you're done. Check out the easy steps here.



You may have heard of CCPA, but how does it differ from GDPR? The CCPA protects “consumers,” who must be California residents in order to be protected, whilst the GDPR protects “data subjects” and does not specify residency or citizenship requirements. We wrote a blog post about this some time ago; check it out here.

  1. CCPA is enforced by the attorney general of California; GDPR is enforced by the EU National Data Protection Agencies.
  2. Both consider an IP address to be personal info.
  3. With CCPA, consent is required in the case of minors or people who have previously opted out; with GDPR, consent is always required.
  4. In both cases, opt-out is required.
  5. CCPA penalties are up to $7500 per individual case (+ they can sue); with GDPR, the fines are up to €20m or 4 x global annual revenue.

In conclusion, companies are increasingly having to think about GDPR regardless of location. If you want to stay ahead of your competition, avoid fines and ensure your customers feel safe in your hands, you should be thinking about GDPR today.
