GDPR: What it is and what you need to knowOn May 25, 2018, the European Union’s General Data Protection Regulation (the “GDPR”) went into effect. The GDPR is a new law designed to give greater protection to the personal information of people in the EU by regulating the collection, storage, use, disclosure, processing, transmitting and destruction of their personal information. People in the EU will now have more control over their personal information and, hopefully, their personal information will be more secure.


What does the GDPR mean for people in the United States?

You will receive and need to respond to numerous emails from businesses under the GDPR’s purview (if you have not already been inundated with emails). Businesses like Instagram and Facebook have reached out to their users via email to (1) notify them of changes to its privacy policies and (2) request consent to keep their personal information. You will likely need to agree to these new policies to continue using many services.


What does the GDPR mean for businesses in the United States?

The GDPR is quite broad. A business in the United States must comply with the GDPR if it:

  1. Has a physical presence in Europe;
  2. Has employees located in Europe;
  3. Offers goods or services to people residing in Europe (including over the Internet);
  4. Collects or handles personal information from people residing in Europe; or
  5. Monitors the behavior of people residing in Europe (including website analytics).

Because of the GDPR’s breadth, many United States businesses will need to pay more attention to their data policies and practices. This is especially true because failure to comply with the GDPR could lead to steep penalties as high as the greater of 4% of the business’ annual revenues or €20 million.

Even for businesses not subject to the GDPR, its effectiveness is a great opportunity for United States businesses to reassess and analyze these policies and practices—in particular, what, how and why the business collects, stores, uses, processes, discloses and transmits its data.


Can businesses subject to the GDPR still collect your personal information?

Businesses subject to the GDPR can still collect your personal information. However, they generally need a “lawful basis” and your consent in order to do so.


Will laws similar to the GDPR be adopted in the United States?

With the more stringent GDPR coming into effect, you may be left wondering if and when the United States will follow the EU. As of today, the United States has more relaxed privacy laws compared to the EU, and only time will tell whether the privacy laws in the United States will be revised to be as protective as those in the EU.


The GDPR is in effect. What do I do now?

Check your email for announcements of businesses implementing new policies governing their use of your personal information and be conscious of these changes. On a case by case basis, decide how you want to permit particular businesses to use your personal information.


If you are a business owner and are concerned about the GDPR applying to your business, or how your business can comply with the GDPR, please contact Gunster’s technology law practice to discuss your next steps.


Yes! Please sign me up to receive email alerts from other Gunster practice areas.

This publication is for general information only. It is not legal advice, and legal counsel should be contacted before any action is taken that might be influenced by this publication.

About Gunster

Gunster, Florida’s law firm for business, provides full-service legal counsel to leading organizations and individuals from its 12 offices statewide. Established in 1925, the firm has expanded, diversified and evolved, but always with a singular focus: Florida and its clients’ stake in it. A magnet for business-savvy attorneys who embrace collaboration for the greatest advantage of clients, Gunster’s growth has not been at the expense of personalized service but because of it. The firm serves clients from its offices in Boca Raton, Fort Lauderdale, Jacksonville, Miami, Orlando, Palm Beach, Stuart, Tallahassee, Tampa, Vero Beach, and its headquarters in West Palm Beach. With more than 240 attorneys and consultants, and over 240 committed support staff, Gunster is ranked among the National Law Journal’s list of the 500 largest law firms and has been recognized as one of the Top 100 Diverse Law Firms by Law360. More information about its practice areas, offices and insider’s view newsletters is available at


Find a Professional

by Name

by Practice/Office