Gaining awareness of GDPR and its implications worldwide is expected to be highly challenging for non-EU-domiciled firms, which may have clients or staff who are EU citizens. Even though many firms will be affected by GDPR, unfortunately awareness levels appear to be very low outside the EU, not only regarding the regulation itself, but also its requirements and the complexity it will add to business processes.
There are also differences between the underlying emphasis of US and European legislation in this area. The EU focusses predominantly on the rights of individuals, whereas US regulation focusses on the rights of companies to process and manipulate users’ personal data. ‘Safe harbour’ has already been rendered obsolete and working through the contradictions in rules will be challenging.