The GDPR applies to every organization, whether established inside or outside the EU, that processes the personal data of individuals in the EU; its territorial scope is set out in Article 3. It follows directly from the law that a US company that handles the personal data of people in the EU must comply with the GDPR. A US company that fails to comply faces heavy penalties: administrative fines can reach EUR 20 million or 4% of worldwide annual turnover, whichever is higher. The purpose of the regulation is to protect the personal data of individuals in the EU.
GDPR compliance checklist for US companies
- Conduct an information audit for EU personal data
If you are a US company, start by conducting an information audit for EU personal data to determine whether your organization needs to comply with the GDPR at all. During the audit, record what personal data your organization processes and whom it belongs to; if any of it belongs to individuals in the EU, your organization has to comply. The GDPR applies in particular when your company offers goods or services to individuals in the EU (whether or not payment is required) or monitors their behaviour within the EU. For the exact scoping rules, refer to Article 3 of the GDPR (territorial scope).
- The Right to be Forgotten and Data Subject Rights
The GDPR gives individuals in the EU two rights that deserve special attention: i) the right to be forgotten (erasure) and ii) the right to data portability. Data subject rights are extensive under the GDPR and are set out in Articles 15-22. Under these rights, an individual in the EU can request a copy of their personal data at any time, and the controller must respond within the statutory deadline (normally one month). Individuals also have the right to object to processing, including automated decision-making and profiling.
- Controllers and Processors
The GDPR defines two roles: data controller and data processor. Check which role your company occupies. A data controller determines the purposes and means of processing personal data, whereas a data processor processes personal data on behalf of a controller. A company can be both a controller and a processor at the same time, for different processing activities. Controllers and processors carry different obligations under the GDPR, so a US organization must know which role it plays before it can determine what it has to do to comply.
- Designate a representative in the European Union
Under Article 27 of the GDPR, a company not established in the EU that falls within the regulation's scope must appoint in writing a representative based in one of the EU member states where the individuals whose data it processes are located. A narrow exemption exists for processing that is occasional, does not include large-scale processing of special categories of data or criminal-conviction data, and is unlikely to result in a risk to individuals' rights; most US companies that process EU personal data as part of their business will not qualify for it.
The steps listed above are some of the most important ones; following them will help your company avoid drawing scrutiny from EU supervisory authorities.