Given the GDPR's dramatically expanded territorial reach, increased suite of individual rights and potential for hefty penalties, U.S. multinationals must prepare now to ensure compliance. 

On May 25, 2018, the General Data Protection Regulation (GDPR) goes into effect in the EU, bringing with it a series of consequences for U.S. multinationals that fail to comply. The GDPR aims to provide protection for natural persons with regard to the processing and movement of their personal data. It has an extraterritorial scope that allows it to reach U.S. companies who may not even be aware they are subject to its provisions. Additionally, the GDPR levies two tiers of fines. Noncompliance with the most stringent requirements results in fines totaling the greater amount of 4 percent of global annual revenue or €20 million ($23.58 million) and noncompliance with other provisions results in fines totaling the greater amount of 2 percent of global annual revenue or €10 million ($11.79 million).

Given the GDPR's dramatically expanded territorial reach, increased suite of individual rights and potential for hefty penalties, U.S. multinationals must prepare now to ensure compliance. 

For Further Information

If you have any questions about this Alert, please contact Sandra A. Jeskie, John M. Neclerio, one of the attorneys in our Privacy and Data Protection group or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.