Bay Area IT companies San Francisco

U.S. Businesses Operating in EU Must Address Europe’s General Data Protection Regulation

Bay Area IT companies and IT support providers across the U.S. are on notice: As of May 25, 2018, the EU will implement a high profile regulation to protect the data of consumers. Numerous U.S. companies will be affected by this, whether they operate in the EU, or even if they simply possess personally identifiable information on citizens of the EU. The regulation’s main purpose is to protect the data of EU citizens, whether that data is located in the EU or outside of it. The following overview highlights the main considerations associated with this regulation, which is called the General Data Protection Regulation (GDPR).

Europe’s General Data Protection Regulation and IT Support Implications

How to Remain Compliant

Bay Area IT companies are spreading the word, businesses will need to follow certain guidelines to ensure compliance. Organizations must take measures to keep personal data secure. This data includes information such as names, locations, and identification numbers. It also includes genetic data, as well as information related to race, ethnicity, political opinions, and many other personal details. Also to be protected are IP addresses, cookie data, and RFID tags.

Additionally, organizations will be required to name a Data Protection Officer, and they will also need to put a clear data protection policy into place. Data breaches must be reported within 72 hours.


Businesses must consider a variety of implications associated with the GDPR. Organizations may only process data when EU citizens have freely given their consent. EU citizens will also have the right to “be forgotten” in terms of data, meaning that their data must be erased if it is no longer needed or consent has been withdrawn. Companies must also report data security breaches within 24 hours to those who might be adversely affected by such breaches.

A company does not need to do business in the EU to be required to adhere to the regulation. Even if the data processing takes place outside of the EU, such as in the U.S., an organization would be required to comply.


The penalties for noncompliance will be steep. Some violations will result in a penalty of up to two percent of the previous financial year’s turnover. The penalty will be up to 4 percent of annual turnover (or up to about $26 million USD) for other violations.

For Bay Area IT Consulting Contact Eaton & Associates

If your U.S. business or organization handles any data related to EU citizens, you should further explore the details of the new regulation now. If you need assistance in becoming compliant, do not hesitate to consult Eaton & Associates. We are one of the leading IT consulting firms in the Bay Area, and we provide Bay Area IT support services to meet a broad range of needs. You can contact us online, or reach us at (800) 342-4525.