Be it London, Lyon or Leipzig, if US companies want to do business in Europe after 28 May 2018 and need to process the personal data of EU citizens, they will need to comply with the GDPR – effectively the first global data protection law.
The new regulation applies to any organisation storing or processing EU personal data, wherever the organisation is based. Even companies that have never set foot in Europe will face penalties if they don’t get in line with the new regulations.
As with most major regulatory changes, everyone is afforded a decent amount of time to prepare. However, don't get complacent and wait until the deadline next May to kick off any changes. Installing and testing new systems, training employees, and getting your head around the new processes will all take time.
So, if you’re an American company still in the dark about GDPR compliance, it’s probably time to wake up and smell the coffee.
US companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more to GDPR readiness and compliance efforts, with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.