Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • D A T Green
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Tony Curzon-Price
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina James
    • Maria Constantin
    • Sophia Yakhno
    • Rachael Machado
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

GDPR at one year: Lessons learned for American Companies

May 24, 2019By Preiskel & Co

The European Union’s landmark data privacy law, the General Data Protection Regulation (GDPR) went into effect one year ago. By now, the implications for European residents and companies are fairly well known. Many of us will have received updated privacy policies in our email inboxes, or become increasingly aware of headline-grabbing stories on mass data breaches. But what about beyond the borders of Europe? Using American companies as a particular example, we explore the way in which the GDPR has changed how to do business.

In what way does the GDPR have the power to influence how American companies handle data?

Because the GDPR introduced a single legal framework that applies across all EU member states,  businesses now face a more consistent and harmonized set of compliance rules from one EU member state to the next. But in a considerable departure from the old Data Protection Directive, the GDPR imposes an expanded territorial scope. No matter where they are located around the world, companies must comply with the GDPR if they either offer goods or services to data subjects located in the EU, or monitor EU data subjects’ behavior.

These new regulations are not without teeth. Whereas fines under the previous directive maxed out at £500,000 here in the United Kingdom, fines under GDPR can reach up to 20 million euros or 4% of a breaching company’s global turnover. Accordingly, from 25 May 2018, many American companies became subject to European privacy laws for the very first time, and faced considerabe sanctions for noncompliance.

Image result for usa and eu flag

In the lead-up to GDPR taking effect, many European residents were soon geo-blocked from accessing American websites. The reason? If European customers were blocked from accessing the websites, the companies would not technically be “offering their goods or services” to Europeans, nor would they be “monitoring their behavior”.

Although the majority of companies retreating from Europe were small to medium-sized technology companies, others included global names such as the Los Angeles Times.

Compliance for American companies is possible

This underscores the point that the United States often seen as a more friendly home for those companies seeking fewer, less stringent privacy regulations. However, for many American companies, abandoning the European market is undesirable, or perhaps even impractical.

Rather than retreat from the regulations, we consider that it is absolutely feasible to use the GDPR as an opportunity to review and enhance their various IT, privacy and cybersecurity practices. If a company demonstrates commitment to data protection and privacy, this could be a key competitive differentiator. Building confidence and trust with consumers and corporate partners alike is crucial for strong, on-going relationships. In this way,

Preiskel partner Jose Saras, who leads the firm’s Privacy Team, explains: “In addition to providing legal advice on contracts and internal policies, one of the most exciting aspects of our work is when we provide our clients with a framework to create a commercial advantage. We take the time to listen to their concerns and learn their core values, to really help them how data protection and profitability can go hand-in-hand.”

One of the first things we help clients with – especially those who are not based in Europe – is conducting a data audit or “data mapping” exercise. Doing so is a great first step to better understanding the types of personal data being processed, and how determining the practical ways in which the GDPR may apply. This, coupled with our on-going support, means that clients can benefit from real-time advice on the practical issues of running their business in Europe.

If you have any questions on GDPR or data protection matters more generally, please contact Jose Saras.

Latest Preiskel & Co blog posts
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets
    March 22, 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape
    March 22, 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill
    March 17, 2023
  • Stormy weather for cloud computing in the EU
    March 16, 2023
  • Inmarsat Takeover Provisionally Cleared for Take-Off
    March 10, 2023
  • EDPB’s Feedback on the New EU-U.S. Data Privacy Framework
    March 6, 2023
  • UK Data Reform Bill to return to the House of Commons
    March 3, 2023
  • DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers
    February 16, 2023
  • DPO’s Dismissal & Conflicts of Interest Under The EU GDPR – CJEU Ruling
    February 14, 2023
  • ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers
    February 6, 2023
  • General EU Requirements for Cookie Banners – EDPB Task Force Report
    January 27, 2023
  • Ofcom Launches Investigation into BT Following Suspected Breaches of Consumer Protections Post Implementation of EECC
    January 27, 2023

The Preiskel Blog

  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets 22 Mar 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape 22 Mar 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill 17 Mar 2023
  • Stormy weather for cloud computing in the EU 16 Mar 2023

Preiskel news

  • Senior Partner, Danny Preiskel, quoted by IT Pro on the costs incurred by MNOs
  • Senior Partner, Danny Preiskel, will be a panellist at GCCM Carrier Community 2023 on IOT
  • Jose Saras and Xavier Prida Awarded First Place as Data Protection Thought Leaders in the UK
  • Ronnie Preiskel chosen to judge 24 May 2023 The Tech Capital Global Awards
Preiskel tweets
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets. Find o… https://t.co/S7J7sX3kfs6 hours ago
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape. Find out more at: https://t.co/JN5P4COQ4f7 hours ago
  • Stormy weather for cloud computing in the EU. Find out more at: https://t.co/dOpC8u4wLf6 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy