GDPR and US Organizations

If you’re anything like me, you get a good number of emails each day from retailers and other companies you frequent online.  You’ve probably also seen a rash of companies updating their privacy policy.  This is due to a new privacy rule affecting companies doing business in Europe.

Europe’s General Data Protection Rule, or GDPR, rolled out on May 25th.  The GDPR is a set of guidelines that regulates how personal information is collected and processed.  It includes data collection consent, notifications regarding hacked data, and pseudonymization of individuals’ information for large data projects.  Organizations will have to inform customers what data is being collected and also make corrections or deletions as requested.

While this regulation applies to companies that are targeting their offerings to those in Europe, companies like Microsoft have expanded their application of the rule to customers worldwide.  While this is likely a pre-emptive move, Microsoft says that they believe the established rules are important enough to be applied universally.  Other tech companies like Google and Facebook are planning on rolling out these changes to the rest of the world as well.

State and local governments in the US won’t have to worry about GDPR for the most part.  Even if a European citizen owns property in the US, the rule won’t apply because the local entity isn’t specifically targeting the foreign property owner.  Where the rule would apply would be in instances where a county might be advertising something like tourism to European citizens.

Organizations are right to be worried though, as fines for violating the GDPR are steep, as fines can reach the greater of four percent of annual revenue or 20 million euros.  Time will tell how enforcement actions play out, but for now, businesses seem to be leaning toward the better safe than sorry route.

Extract places great value on privacy and individuals’ personal information.  This is why we created an automated redaction solution that can identify and remove PII from documents to protect them from hackers and make them available to the public.

If you’d like to learn more about our redaction solution, please reach out to us today.


Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing.  Chris received his bachelor's degree in English from Bucknell University and has an MBA from the University of Notre Dame.  A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.