Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Tina Cowen
    • D A T Green
    • Karthyaeni Vittala
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Mark Clough
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina Korgol
    • Maria Constantin
    • Sophia Yakhno
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

GDPR at one year: Lessons learned for American Companies

May 24, 2019By Preiskel

The European Union’s landmark data privacy law, the General Data Protection Regulation (GDPR) went into effect one year ago. By now, the implications for European residents and companies are fairly well known. Many of us will have received updated privacy policies in our email inboxes, or become increasingly aware of headline-grabbing stories on mass data breaches. But what about beyond the borders of Europe? Using American companies as a particular example, we explore the way in which the GDPR has changed how to do business.

In what way does the GDPR have the power to influence how American companies handle data?

Because the GDPR introduced a single legal framework that applies across all EU member states,  businesses now face a more consistent and harmonized set of compliance rules from one EU member state to the next. But in a considerable departure from the old Data Protection Directive, the GDPR imposes an expanded territorial scope. No matter where they are located around the world, companies must comply with the GDPR if they either offer goods or services to data subjects located in the EU, or monitor EU data subjects’ behavior.

These new regulations are not without teeth. Whereas fines under the previous directive maxed out at £500,000 here in the United Kingdom, fines under GDPR can reach up to 20 million euros or 4% of a breaching company’s global turnover. Accordingly, from 25 May 2018, many American companies became subject to European privacy laws for the very first time, and faced considerabe sanctions for noncompliance.

Image result for usa and eu flag

In the lead-up to GDPR taking effect, many European residents were soon geo-blocked from accessing American websites. The reason? If European customers were blocked from accessing the websites, the companies would not technically be “offering their goods or services” to Europeans, nor would they be “monitoring their behavior”.

Although the majority of companies retreating from Europe were small to medium-sized technology companies, others included global names such as the Los Angeles Times.

Compliance for American companies is possible

This underscores the point that the United States often seen as a more friendly home for those companies seeking fewer, less stringent privacy regulations. However, for many American companies, abandoning the European market is undesirable, or perhaps even impractical.

Rather than retreat from the regulations, we consider that it is absolutely feasible to use the GDPR as an opportunity to review and enhance their various IT, privacy and cybersecurity practices. If a company demonstrates commitment to data protection and privacy, this could be a key competitive differentiator. Building confidence and trust with consumers and corporate partners alike is crucial for strong, on-going relationships. In this way,

Preiskel partner Jose Saras, who leads the firm’s Privacy Team, explains: “In addition to providing legal advice on contracts and internal policies, one of the most exciting aspects of our work is when we provide our clients with a framework to create a commercial advantage. We take the time to listen to their concerns and learn their core values, to really help them how data protection and profitability can go hand-in-hand.”

One of the first things we help clients with – especially those who are not based in Europe – is conducting a data audit or “data mapping” exercise. Doing so is a great first step to better understanding the types of personal data being processed, and how determining the practical ways in which the GDPR may apply. This, coupled with our on-going support, means that clients can benefit from real-time advice on the practical issues of running their business in Europe.

If you have any questions on GDPR or data protection matters more generally, please contact Jose Saras.

Latest Preiskel & Co blog posts
  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed
    April 28, 2022
  • TikTok Class action for the Misuse of Child Personal Data
    April 28, 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018
    April 20, 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK
    April 19, 2022
  • Meta hit by 17 million euro fine by Irish regulator
    April 19, 2022
  • Ofcom has mandated that telecoms providers ensure British Sign Language (BSL) for 999
    March 18, 2022
  • Ofcom publishes statement on the future of telephone numbers
    March 15, 2022
  • German court sends biometric data questions to the ECJ
    February 23, 2022
  • Meta fined £1.5m by CMA
    February 7, 2022
  • International data transfer agreement and addendum laid before Parliament
    February 4, 2022
  • CMA publishes statement of scope in music and streaming market study
    February 1, 2022
  • Google Privacy Sandbox faces European Commission complaint from German publishers
    January 24, 2022

The Preiskel Blog

  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed 28 Apr 2022
  • TikTok Class action for the Misuse of Child Personal Data 28 Apr 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018 20 Apr 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK 19 Apr 2022

Preiskel news

  • Daniel Preiskel and Xavier Prida lecturing to Academia Mexicana del Derecho Informático and Abogado Digital
  • Preiskel & Co advises Mexico-based premium content production company Dopamine
  • Danny Preiskel was ranked as a Global Elite Thought Leader in Telecoms & Media by WhosWhoLegal Data 2022
  • Danny Preiskel featured in GCCM (Global Carrier Community Magazine)
Preiskel tweets
  • @jwrosewell @m4aow @w3c @IABTechLab Our pleasure!62 days ago
  • RT @jwrosewell: Great work from @Preiskel and the whole @m4aow team. Thank you. Much for @w3c, @IABTechLab, and others to consider in this…62 days ago
  • RT @TC_4KBW: Google’s battle with publishers shows that at every turn it seeks to block others from competing. it blocked header bidding, b…62 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2022 | Site map | Legal notices | Privacy | Cookie Policy | Privacy | Fraud Notice