The GDPR requires consent as a basis for a company to transfer personal data. Prior to the GDPR, EU Directive 94/46/EC only required “opt out” consent, which could be implicit. The GDPR however, requires that the data subject agree to or make “a statement or clear affirmative action” granting such consent for use or transfer of personal data. Read more
Tag: EU privacy law
Global Scope of the GDPR & Applicability to Companies in the United States
So this is the question that is coming up more and more here in the United States – Does the GDPR apply to our company?
Remember that GDPR was put in place to protect individuals from improper use of their personal data and also to allow them to freely move same, and to enjoy certain other rights with respect to their personal data. While its reach is broad, the GDPR does not apply to processing of data if it falls outside the scope of EU law (processing for public safety, or government issues is not subject to it). If your company interacts with customers within the EU for purposes of trade, and you you store, process or share EU citizen’s personal data then the GDPR rules apply to your company. Read more