GDPR Compliance: How a New European Regulation Affects American Companies

As technology advances, the world shrinks. The Internet makes it incredibly easy for American companies to connect with European companies and customers. That can be great for business, but complying with regulations on both sides of the pond can get complicated – and a new piece of legislation out of Europe, the General Data Protection Regulation (GDPR), is making that abundantly clear for American businesses.

Any company that has clients or customers who reside in the EU should know about the General Data Protection Regulation. It was passed by the European Parliament in 2016 but only went into effect in May, and it’s the reason that everyone’s inboxes have recently been flooded with emails about privacy policy updates.

The GDPR is a hefty and complicated piece of legislation, but its purpose is essentially to protect the data and privacy of EU residents. The previous directive that set data protection policy in Europe was created in 1995, so it’s no surprise that the GDPR includes some dramatic changes. One of the most important changes, and the reason that this regulation affects American companies, is that the GDPR explicitly states that all companies that process the data of EU citizens must comply with the law – no matter where those companies are located.

So how does that affect your organization? Under the GDPR, companies that hold data about EU residents must safeguard it at all times, including at the point of destruction. Companies that meet that description have to be careful about maintaining thorough records of data destruction, in case it’s ever necessary to prove compliance.

At Northeast Data Destruction, we’re already seeing the way the GDPR is affecting our clients. For example, we recently began working with an online printing company that does business worldwide. Before this regulation was in place, this company landfilled or recycled any extra or misprinted products. But because our client does a lot of work with European customers, that disposal method is no longer workable. Printed materials left in dumpsters or landfills are theoretically accessible to the public and not secure. Any documents or digital files that contain data about EU residents – including their phone numbers, addresses, fingerprints and IP addresses – should be destroyed so thoroughly that they can’t be reconstructed.

Any company that does business in the EU or counts EU residents among its customers should pay close attention to the privacy requirements laid out by the GDPR. Fines for noncompliance can be millions of euros.

When it’s time to dispose of physical or digital files that hold data covered by this regulation, turn to Northeast Data Destruction for help. Our facilities and staff are prepared to thoroughly and permanently destroy everything from documents and files to hard drives, employee badges and more. Clients may personally witness the shredding of their secure data.

Stay compliant with the GDPR and any other industry regulations, or simply get the peace of mind that comes with knowing your company’s data is well and truly destroyed. Reach out to Northeast Data Destruction today to get started, or with any questions.