Kristina Podnar
Apr 26, 2018 · 3 min read
Image Credit: NASA

Is your company US-based and assuming that GDPR doesn’t have an impact since you don’t have offices in the EU? Wrong!


There are 29 days and counting until the EU’s General Data Protection Regulation (GDPR) comes into effect. How are you feeling? You might be feeling good about how your organization communicates and markets to EU prospects and customers. Or you might be closing your eyes really hard, like when you were three and afraid of the monster in the closet, hoping GDPR will be gone by the time you open them. Then again, you might fall into a third category of digital managers and directors who are ignoring GDPR completely and repeating the mantra “It is an EU thing and I am in the US. What can they do to me?”

If you are continuing on your GDPR journey, congratulations and best of luck for continued progress! If you haven’t started yet or are holding out because you think the EU’s arm of the law can’t reach you in one of the 50 US states, let me help you. While I am not a lawyer, here is some useful legal information from a digital policy perspective:

  1. Not worried about EU citizens suing you because they aren’t US citizens? In America, the right to make legal claims is not affected by citizenship. This means that a foreign citizen can sue your US-based company for violation of their privacy rights. While many have argued that a US court would not enforce an EU-law, there are similar privacy violations (think Children’s Online Privacy Protection Act, or COPPA) that apply in the US and can form the basis of a suit. Just because someone is a foreign citizen does not mean they cannot file a complaint in the US.
  2. Not concerned about being taken to court for violating a single person’s privacy? You might want to speak with your legal representative about the potential of a class action suit, as the requirements to file one in the US are far lower than a criminal or civil complaint. For example, if you were to collect the names, email addresses, mailing addresses, and phone numbers of 40 tourists who are taking a summer excursion to the US and continue to market and target them once they return to the EU, the group could file a civil lawsuit in the US.
  3. Not troubled because it is far-fetched that any EU subject would take up a case in the US given that it is costly and a potential challenge? Note that someone in an EU country could sue you under their country law and look for enforcement of the judgement in the US. While the US is not required to enforce foreign court judgements, there are conventions in place that support US court enforcement of arbitration awards (see the New York Convention and the Panama Convention). This means that if an EU subject sought foreign arbitration with a complaint under GDPR, awards issued in alignment with the New York and Panama Conventions could be enforced.

The legal ramification of GDPR and its reach in the US is just another incentive for your organization to come to terms with the mandate and ensure prospect and customer privacy. If you get it right, not only do you protect yourself legally, but your organization could see profitable spin-offs in areas such as data governance and customer trust. And that seems like a legal, and financial, win!

This insight originally appeared on kpodnar.com

Kristina Podnar

Stories and opinions on digital governance, digital policies, digital standards.

Kristina Podnar

Written by

Digital policy innovator, helping organizations see policies as opportunities to free the organization from uncertainty, risk, internal chaos.

Kristina Podnar

Stories and opinions on digital governance, digital policies, digital standards.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade