US vs. EU users and GDPR?

Discussion in 'General Data Protection Regulation (GDPR) Forum' started by Matt Sasso, Mar 2, 2018.

  1. Matt Sasso

    We are a small company based in NY who sells services primarily in the US but we also provide services in the EU. We are working to become compliant with GDPR regulations for our EU data subjects/users but that also carries some impact on our US business as our guidelines are not as strict. My question is this. How do you do that using a single website or app to meet the GDPR regulations for EU users by gaining consent but also take advantage of the less restrictive regulations in the US to improve marketing reach?
    So far I have found everything to be all or nothing. Can I ask users if they are in the EU and then serve the appropriate experience based on the answer?
    Would love and appreciate some advice here.
    Posted: Mar 2, 2018 By: Matt Sasso Member since: Mar 2, 2018
  2. Simon Plummer

    OK, so on the website, make sure that a well-written privacy statement is available first of all, with clear signposts to what data is being processed, why, retention etc. Also ensure there is an easy process for data subjects to enact their rights (e.g. email address [email protected]) - obviously applies to EU citizens but would be best practice to give this to all subjects in any case.

    With regards to marketing, just deal with EU related data subjects differently and in line with GDPR as opposed to US - you could either have a separate database or ensure there is a clear identifier/flag enabling you to differentiate. Don't forget though, consent is only one 'lawful right for processing' out of 6. You can still market (within justifiable reason), for example 'legitimate interests' as long as you can demonstrate that you have reviewed this (Legitimate interest review). Hope this helps, and hope I understood!
    Posted: Mar 6, 2018 By: Simon Plummer Member since: Dec 6, 2017
  3. Keith Budden

    Hi Matt - also have a look at the EU/US privacy shield - in the US it is a self-certification process. I have guided a number of clients through the process of registering under the shield, and although the process can look intimidating at first, it is really not that difficult.
    Posted: Mar 30, 2018 By: Keith Budden Member since: Mar 30, 2018