Europe to reveal new data protection rules for US firms

The GDPR will bring into law a series of changes to data protection and data privacy requirements that all companies with EU customers will have to adhere to, regardless of where they are geographically-based.

Among the amendments waiting in the wings are: penalties of up to EUR 100 million, or 2.5% of annual worldwide turnover, tighter requirements for obtaining valid consent to the processing of personal data, enhanced restrictions on profiling and targeted advertising, new data breach reporting obligations, direct legal compliance obligations for “data processors”, extended data protection rights for individuals,

A recent study, conducted by data privacy specialists TRUSTe found that over half of US businesses polled are not aware of the new obligations or prepared for them. Awareness was the highest amongst financial services companies (58%) and lowest amongst tech companies that are some of the greatest users of data (43%).

The GDPR is the result of attempts to harmonize data protection law across the EU member states. The existing laws were published as a Directive and as such could be implemented by each country in the way that they chose.