Skip to main content

GDPR question if we only market to North America

0 Votes

Comments

2 comments

  • Sion Stedman

    Hi @John Donald

    A very important change in the GDPR that hasn't received the attention it deserves has do with the geographic scope of the new law.

    To quickly summarise: Article 3 of the GDPR says that if you collect personal data or behavioural information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.

    The second point is that a financial transaction doesn't have to take place for the extended scope of the law to kick in. If the organisation just collects 'personal data' – EU-speak for what in the US is called personally identifiable information (PII) – as part of a marketing survey, then the data would have to be protected GDPR-style.

    There's ​a useful complete article on this topic here.

    On a personal note, even if you are North America-only today, I would suggest your company nevertheless considers whether you might one day expand to the EU; in which case, it might be just as well to put in place relevant GDPR processes now. But at the very least, you could implement in your form capture the ability for a person to set their country of residence/workplace, so you will always have a way to know which data protection laws are applicable to them.



    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 04-17-2018 11:25
    From: John Donald
    Subject: GDPR question if we only market to North America

    Does anyone know if we need to implement GDPR specs if our brand only markets within the USA and Canada? We do not market to Europe. However, I do see a few email addresses on our list in the UK. If some one randomly signs up from Europe does that mean we have to implement GDPR?

    ------------------------------
    John Donald
    Manager, Sales & Marketing Automation
    Designs for Health
    ------------------------------
  • Tod Cordill
    First off - I'm not a lawyer. Below is a decent article on the subject of GDPR for US companies. Here's an excerpt:

    If you use Google Adwords and a French resident stumbles upon your webpage, the GDPR likely would not apply to the company solely on that basis. If, however, your website pursues EU residents – accepts the currency of an EU country, has a domain suffix for an EU country, offers shipping services to an EU country, provides translation in the language of an EU country, or markets in the language of an EU country, the GDPR will apply to your company. 

    If you choose to believe this then you're probably OK if you only market, sell, and ship to US based customers.

    On a logical note it's hard to understand how a US based company that has no operations in Europe and does not market to Europeans  located in Europe would be subject to European law. Or become interesting to an European agency. At some point I expect it could end up in courts to sort it out.

    Does the GDPR Apply to Your US-based Company? | Lexology
    Lexology remove preview
    Does the GDPR Apply to Your US-based Company? | Lexology
    If you've been following the headlines, you know that a day doesn't pass without a reference to the 'GDPR'. On May 25, 2018, the European Union (EU)...
    View this on Lexology >



    ------------------------------
    Tod Cordill
    Moderno Strategies
    tod@modernostrategies.com
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 04-17-2018 11:49
    From: Sion Stedman
    Subject: GDPR question if we only market to North America

    Hi @John Donald

    A very important change in the GDPR that hasn't received the attention it deserves has do with the geographic scope of the new law.

    To quickly summarise: Article 3 of the GDPR says that if you collect personal data or behavioural information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.

    The second point is that a financial transaction doesn't have to take place for the extended scope of the law to kick in. If the organisation just collects 'personal data' – EU-speak for what in the US is called personally identifiable information (PII) – as part of a marketing survey, then the data would have to be protected GDPR-style.

    There's ​a useful complete article on this topic here.

    On a personal note, even if you are North America-only today, I would suggest your company nevertheless considers whether you might one day expand to the EU; in which case, it might be just as well to put in place relevant GDPR processes now. But at the very least, you could implement in your form capture the ability for a person to set their country of residence/workplace, so you will always have a way to know which data protection laws are applicable to them.



    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------

    Original Message:
    Sent: 04-17-2018 11:25
    From: John Donald
    Subject: GDPR question if we only market to North America

    Does anyone know if we need to implement GDPR specs if our brand only markets within the USA and Canada? We do not market to Europe. However, I do see a few email addresses on our list in the UK. If some one randomly signs up from Europe does that mean we have to implement GDPR?

    ------------------------------
    John Donald
    Manager, Sales & Marketing Automation
    Designs for Health
    ------------------------------

Please sign in to leave a comment.

Connect with us

Chat with us
Search for your answer or chat with our support team.