The European Union’s (EU) General Data Protection Regulation (GDPR) is now in force, governing data protection and privacy for all individuals within the EU. Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy Group compiled a white paper to answer frequently asked questions and offer practical guidance related to the GDPR, which can be found here.
Multinational firms based in the US with a presence in the EU, including restaurant chains, have (or should have) implemented policies to comply with the GDPR and avoid the large penalties that can result from non-compliance. Even companies located solely outside the EU are technically required to comply with the GDPR if they have EU citizens as customers.
Multinational firms can choose to comply with the GDPR only in those stores within the EU. Companies located outside the EU may choose to ignore the GDPR altogether, on the assumption that the EU cannot enforce the regulation on entities without a presence inside its borders. Other commentators, such as Greg Sparrow, senior vice president and general manager at security and privacy provider CompliancePoint, contend that all companies should view the GDPR as an opportunity to distinguish their position in the market, by spelling out the ways they keep customer data secure.
Goldberg Segalla has a dedicated team of attorneys to assist businesses in implementing their data privacy objectives and to help companies looking to develop new policies to keep their customers’ data secure.