2B Advice
TEL: +1 (858) 366-9750
Data Privacy Knowledge

What are the GDPR Requirements for Companies in 2020?

GDPR Affects U.S. Companies

Even though the GDPR is a European standard, there are GDPR requirements for U.S. companies. American companies who are transferring personal data between the U.S. and Europe are included in the GDPR compliance requirements even though they may be headquartered physically outside the EU.

The first step towards full GDPR compliance is to establish if the GDPR requirements apply to a certain U.S. company. Regardless of company size measured in staff or revenue, if the company offers goods and/or services to EU/EEA residents or collects, processes or supervises the personal data belonging to users within the EU/EEA, the GDPR is applicable to it. Names, contact information, and details such as IP addresses, locations, etc. are considered personal data and covered by the GDPR and you need to demonstrate a lawful basis to process it.

The GPDPR compliance requirements are also adapted to various company characteristics such as staff size. Businesses employing fewer than 250 employees do not require a record for data-processing activities. This law only applies if the processing of information is harmless to the users, no distinct divisions of data are being handled, and if the processing is complying with Art. 30 GDPR. Therefore, most companies that process distinct personal data must provide records of their data processing endeavors.

Data subject rights and crucial tools in complying with the GDPR requirements for U.S. companies include Data Breach Notifications which fall under the user’s right to be informed and require companies to maintain transparent data collections and consent, or “opt-in”. These act in accordance with the Right of Access (Art. which concludes that the user must be allowed to view any collected data within one month for free. Other requirements of GDPR include conducting Data Protection Impact Assessments (DPIA), Privacy by Design and Default, Strict Consent Conditions, Data Subject Access Requests (DSAR), and appointment of a Data Protection Officer (DPO).

The GDPR has multiple tools which allow it to enforce its policy in foreign countries. If a company holds EU/EEA assets or presence, such as bank accounts, property, and servers, they can be seized for GDPR defiance. Alternatively, if they hold no physical occupancy in the EU/EEA region, GDPR compliance requirements demand a representative stationed within the EU/EEA precinct. Another strategy through which legal action can be taken is International law possibly through EU/EEA enforcement agencies.

GDPR Fines 2020

Data fines will also play a huge role in complying with this European law in 2020. They can be as expensive as 20 million euros or four percent of the company’s annual global revenue, whichever is more excessive.

For example, in a significant ruling, Google was fined €50 million by France’s GDPR enforcement agency, the Commission nationale de l’informatique et des libertés (CNIL), for processing EU/EEA user’s information without their consent and essentially disregarding GDPR requirements.

To review, GDPR requirements apply to most U.S.-based companies who have European customers especially if they supply consumer goods and services, track personal data, or share personal data with third parties. Noncompliance with the GDPR can potentially result in harsh and expensive consequences for American companies. Therefore, corporations that have any connection with European users should ensure that they receive reliable assistance in avoiding any incompliance with the GDPR requirements.

Similar Blog Posts

When Is a Data Protection Officer Required? When Is a Data Protection Officer Required?

Companies are required to appoint a Data Protection Officer. The question is which companies are affected? When do you need to do this?

Opt In vs. Opt Out Opt In vs. Opt Out

There is changing viewpoint over the practices of opt-in and opt-out email marketing. Here we explain the difference between opt-in & opt-out and what is the preferred approach today.

How Does a Consent Management Platform Help With Data Privacy? How Does a Consent Management Platform Help With Data Privacy?

A comprehensive privacy management software platform for managing CCPA compliance includes core elements such as consent manager, cookie banner, and policy notice generators.


Blog Categories



2B Advice LLC
7220 Avenida Encinas #208
Carlsbad, California, USA

Tel: +1 (858) 366 9750

Please enter the text you see below:

Another Image
Thanks for contacting us! One of our representatives will be in contact with you shortly regarding your inquiry.