ARTICLE
2 May 2018

Enforcing The GDPR On US Companies

WB
Womble Bond Dickinson

Contributor

Womble Bond Dickinson logo

Being different is our normal way of working. It's not just what we do, it's how we do it.

You'll benefit from more than just the skills and know-how you'd expect from a pioneering law firm; our technology specialists, process and project management leaders, accountants and tax advisers work alongside lawyers with specialist sector expertise – from business to government.

Working side by side, we'll find clever solutions to your age-old problems.

With 1,300 professionals across 39 offices in the US and UK, we're equipped to tackle mission-critical challenges, wherever you do business.

Want the proof? It's in our track record. With our straight-talking, entrepreneurial approach, we’ve set new industry precedents, achieved market firsts and delivered trailblazing work for our clients.

So, whatever your future holds, we're here for you with A Point of View Like No Other.

Explore Firm Details
At this point, it is no secret that many US companies will be subject to the GDPR. Under the GDPR, EU regulators will have the authority to punish noncompliance by imposing hefty fines ...
United Kingdom Privacy
Whitney Kamerzel,Allen O'Rourke, and Malcolm Dowden
Your Author LinkedIn Connections
Womble Bond Dickinson are most popular:
  • within Employment and HR and Law Department Performance topic(s)
  • with Senior Company Executives and HR
  • with readers working within the Basic Industries and Property industries

At this point, it is no secret that many US companies will be subject to the GDPR. Under the GDPR, EU regulators will have the authority to punish noncompliance by imposing hefty fines, issuing injunctions, assessing bans on processing, and suspending international data transfers.

The practical impact of such enforcement measures is the ability to devastate a product, service, or business.

Many US companies may still be wondering:

How can regulators enforce the GDPR on companies in the United States?

The answer, at this point, depends on principles of jurisdiction and international law. In general, international law distinguishes between the ability to apply law versus enforce law extraterritorially. As such, even if the GDPR is applicable to certain condu penalties for violating the law may or may not reach beyond EU member states.

  • While a US-EU civil enforcement mechanism for the GDPR doesn't yet exist, a cooperation agreement is possible in the future.
  • Without such an agreement, through the doctrine of comity, US courts will grant extraterritorial effect to the valid judgments of foreign courts. However, the US court must first be satisfied that the foreign court properly had jurisdiction over the matter and that the judgment was not contrary to public policy.
  • Only time will tell whether the GDPR satisfies these requirements.

This analysis relates to enforcement for GDPR noncompliance in general. However, some violations of the GDPR may also be violations of the EU-US Privacy Shield Framework for the transfer of personal information from the the US. In those instances, the FTC has indicated that it will enforce the Privacy Shield against US companies.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Whitney Kamerzel
Whitney Kamerzel
Photo of Allen O'Rourke
Allen O'Rourke
Photo of Malcolm Dowden
Malcolm Dowden
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More