Home Insights The General Data Protection Regulation (GDPR): It's a Small World After All

The General Data Protection Regulation (GDPR): It's a Small World After All

Publication
June 4, 2018
Author: Kelly Ruane Melchiondo

By now your email Inbox has likely been flooded with emails from websites to which you've provided personal data, advising of updates to privacy policies. There's good news. It's not just you. It's everyone, worldwide. Companies are responding to the European Union's General Data Protection Regulation (GDPR), a comprehensive and, some argue, draconian privacy regulation that went into effect on Friday, May 25, 2018.

The GDPR's complex regulatory scheme affords individuals more control over their personal information. Websites must inform users, in clear and concise language, of precisely the type of data collected, and require users to affirmatively consent to the collection. European citizens may demand that websites delete immediately their personal data. Companies that fail to comply with the GDPR face maximum fines of the higher of 20 million euros (approximately $23 million USD) or 4 percent of the company's annual global revenue.

Because of the internet's global reach, the GDPR likely affects your company. With limited exceptions for companies with fewer than 250 employees, the GDPR applies to every company that collects data from even one citizen of the EU. Thus, in addition to overhauling its privacy policy, any company that collects data on its website from, or does business with, a citizen of the European Union, must be prepared to retrieve, reveal or return that citizen's personal data upon request, or to purge it from its website. Companies that process or store large amounts of personal data for their employees or for individuals outside the company in the European Union must appoint a data protection officer. And, a company must provide notice of any data breach that affects a European user within 72 hours of the discovery of the breach.

Several large US media companies have responded to GDPR by blocking access to online content for European users. Other companies such as Google, Apple and Facebook have enacted measures such as creating separate privacy portals to permit users to request the full extent of their data history with the site.

Now is the time to review your website-users data, to determine if the GDPR affects you. If so, you must act quickly to become compliant.

 

 

Related Practices
Data Privacy & Security
RELATED PEOPLE
Kelly Ruane Melchiondo
Kelly Ruane Melchiondo
Partner
YOU MIGHT ALSO LIKE
Client Alert November 13, 2025
Opportunity Zones and the Sports & Entertainment Industries: New Incentives Unde...
The OBBBA modernizes Opportunity Zones with permanent incentives that strengthen financing for stadiums, entertainment venues, and mixed-use districts. This update expands opportunities for developers while requiring careful planning to meet compliance and community goals.
Awards November 11, 2025
Albert E. Dotson, Jr. Recognized in Florida Trend’s 500 Most Influential Busines...
Bilzin Sumberg CEO and Managing Partner Albert E. Dotson, Jr. has been honored in Florida Trend’s 500 Most Influential Business Leaders. His leadership in law, major infrastructure projects, and extensive civic involvement underscores his broad impact across Florida.
Client Alert November 11, 2025
Florida Supreme Court Declines Review of Biscayne 21—Leaving Third DCA’s Constra...
On October 14, 2025, approximately three months after the revised opinion in Avila v. Biscayne 21 Condominium, Inc., 50 Fla. L. Weekly D1509 (Fla. 3d DCA July 10, 2025), the Florida Supreme Court declined to accept jurisdiction over the Third District Court of Appeal’s certified question on co...
VIEW MORE