Are U.S.-Based Organizations Free from GDPR Regulations?

3 min readFeb 7, 2019

What is it?

The General Data Protection Regulation (GDPR) began on 25 May 2018 and is designed to protect the personal data of people living in the European Union (EU). Officially, it’s the EU’s enforceable law which protects how a consumer’s personal data is stored, processed, and destroyed after it’s no longer needed. The GDPR is an upgrade from the Data Protection Directive (DPD) of 1995.

The GDPR aims to protect individual data, broadens parties accountable for protecting individual data, and provides a single requirement for all parties responsible for individual data.

The Long Arm of the Law

Organizations (including the US) doing business in the EU or collecting data on individuals living in the EU need to know the rules, otherwise you can face devastating penalties. The most important part of the GDPR for organizations outside the EU is territorial scope.

According to Article 3 of the GDPR:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behavior as far as their behavior takes place within the Union.

What that means

If an individual is in the EU when you collect their data, the rules of the GDPR apply. It doesn’t matter if the data collector is third party, outside the EU, or whether payment was received. However, if the individual is outside the EU, the GDPR does not apply, even if the individual is a citizen of the EU.

Scenario

If a US-based company is targeting an EU individual using marketing forms or questionnaires, the GDPR requires that the “terms & conditions” are written in an easy-to-understand voice. The language must be clear and understandable, with no legalese.

Once a US-based (or any organization outside the EU) collects data on an EU individual, that EU individual is now protected under the GDPR. If a data breach occurs and it’s not reported within 72 hours, the fine is 2% of the organization’s global revenue.

Losing a document, getting your multifunctional device (MFD) hacked, or just leaving a printed document in the MFD tray constitutes a data breach. If you’re not tracking and accounting for all the data across your Managed Print Services, you’re putting yourself at risk.

Don’t Stress

MyQ includes many features to help your organization comply with the new GDPR rules. Features such as pull printing ensures only authorized individuals have access to documents and data, eliminating the threat of lost or stolen documents. MyQ tracking and reporting features secure individual data and grant individuals the “right to access” their data and the “right to be forgotten” as they choose.

About MyQ

MyQ makes the award-winning, universal MyQ Solution for secure print management and workflow optimization via printers and other multi-functional devices. Headquartered in Prague, Czech Republic, with additional branches in Austria, France, Germany, Russia, UAE, the UK, and the USA, MyQ works with the most-recognized global vendors in the printing industry. CIO Business World rates MyQ a “Top 100” Czech technology company.