When the General Data Protection Regulation (GDPR) becomes law across the EU, it will also affect non-EU countries. This is because GDPR applies to all companies and organizations that handle the personal data of people who are in the EU, regardless of where that company or organization is based.
This doesn't apply to EU residents only, but to residents of any country who are in the European Union when data is gathered from them and handled. It is also worth noting that GDPR rules don't apply to EU residents whose personal data is gathered and handled outside of the European Union. The requirement for GDPR compliance can be tough for non-EU countries, like the US, as their approach to the protection of personal data is very different from that of the European Union.
The EU Viewpoint on Data Protection
The philosophy behind GDPR is that every person is entitled to privacy as a fundamental human right. This is the reason the new regulation sets out to harmonize the way that personal data is handled across the European Union. Its requirements help to make sure that personal data is dealt with securely, to safeguard people's privacy.
The US Viewpoint on Data Protection
In the US, there is no general expectation of privacy. Instead, personal data tends to be regulated based on the subject matter. Examples of this are HIPAA, which governs health data, and GLBA, which governs financial data. This means that some data which is protected under GDPR might not be protected under US law. For that reason, handling the personal data of EU residents will have different laws attached to it compared to handling the personal data of non-EU residents, when GDPR becomes law.
How Does This Influence US Firms?
Dealing with two different approaches to data protection is expected to be extremely difficult for several US organizations and companies. It will be too difficult to have different systems for different sets of clients, based on where they are located. It's also worth noting that one person might be subject to two different sets of laws. For instance, a man might buy a TV from a US firm while at home in Texas. The data handled would be subject to US laws. He might then go on holiday to France and order additional equipment from the same seller while he is away. That data would be subject to GDPR, as the man is in the European Union at the time of handling. You can see how complex the situation can get.
This is why the most suitable approach would be to treat data protection as an all-inclusive requirement in all phases of data handling. This is a less complex approach in the long term and helps to make sure that organizations and businesses comply with the GDPR. It remains to be seen how many US companies and organizations adopt this approach.