The European Union’s General Data Protection Regulation took effect on May 25, 2018. The GDPR’s impact extends far beyond existing data protection measures and affects businesses of all sizes — from one-man shops to the largest corporations.

Every American business operating or serving customers in the EU need to understand what they need to do to prepare for a new reality.

Good News. For most of the Clients of Clikz Digital, this is not an issue.

Because we primarily do work with small to medium-sized companies that do business here in the USA exclusively, you need not worry. So for the landscapers, restaurants, and other such clients, you are not responsible for compliance. Some of our clients with eCommerce stores that do sell internationally, we have already addressed the issue for you. We are not attorney’s so we cannot do much more than offer guidelines for what to do. If you are not sure if you need to comply with GDPR, then please give us a call so we can discuss it, or give your attorney a ring.

Here are a few things American businesses should keep in mind as to the GDPR’s implementation:

Does the GDPR apply to every business with EU ties?

It depends. The GDPR will affect all companies, individuals, corporations, public authorities, or other entities that offer goods or services to individuals in the EU or that monitor their behavior there. For example, the GDPR applies to an American company whose website is made available to people in the EU, or a Boston-based HR manager in an international organization that collects data centrally from EU-based applicants and employees. The GDPR even applies to charities and nonprofit organizations that collect information from individuals in the EU.

Will compliance with the GDPR be closely monitored?

Yes. Noncompliance can result in massive fines. In fact, if a company is not compliant with the GDPR by the May 25 deadline, it could face penalties as big as 20 million euros (around $24 million). Supervisory authorities within the EU have “investigative and corrective powers” to monitor and impose these administrative fines. The supervisory authorities’ job is to closely observe corporate data practices and strictly enforce punishment if GDPR requirements are not met on May 25 — or any day thereafter.