If you read these pages regularly, you know that the General Data Protection Regulation (GDPR), a European law that governs the handling of European Union (EU) members’ data, will come into full force on May 25. But even with all the coverage — and there’s a lot — we’re still unclear as to how the law will be enforced in the United States.
I spoke with Kristina Podnar, a digital policy consultant who is a GDPR advisor to Third Door Media, to see if we could get some clarity. We got — well, some. Here’s what we learned.
Who regulates GDPR compliance for US companies?
Who regulates US companies depends on your definition of “US company.” If a US company is a multinational with local legal market presence in the EU (i.e., it operates there through a local business entity), then the EU Data Protection Act (DPA) regulations prevail and the company is subject to the local member state system.