The General Data Protection Regulation (GDPR) is the law that started internet data privacy regulation. GDPR is a data protection and privacy regulation that covers the European Union (EU) and the European Economic Area (EEA).
While the main goal of the GDPR is to give individuals control over their personal data, it also addresses the transfer of personal data outside the EU and EEA.
A good guide to better understanding the eleven chapters of GDPR is found here.
One of the key business issues that arises in the United States is the transfer of data between the US and the EU. This was typically done via the EU-US Privacy Shield Framework, on which more than 5,000 US companies relied to conduct trans-Atlantic trade in compliance with GDPR.
In July 2020, the Court of Justice of the European Union (CJEU) invalidated Privacy Shield in its Facebook Ireland v. Schrems decision (known as Schrems II). The CJEU determined Privacy Shield is not a sufficient mechanism to transmit personal information into and out of the EU.
Staying compliant when dealing with EU individuals is important, but it does not have to be complicated. If your business does not have a physical location within the EU, there are data privacy companies that maintain offices in Europe and can help avoid the need for data to move overseas in the first place. Miller Operations has the partnerships to help you successfully navigate any GDPR concerns your business may have.