This month Europe ushers in their General Data Protection Regulation (GDPR), unifying data rules across all of Europe and strengthening the privacy rights of European Union citizens. GDPR affects all businesses and organizations that offer goods and services online. That includes Tru Measure.

We are committed to complying with GDPR and will continue to ensure our platform meets the highest quality data protection standards. We’ve included a breakdown below of how the GDPR impacts U.S. based businesses.

HOW THIS AFFECTS TRU MEASURE: Currently our EU partners capture IP addresses which fall under GDPR protection. We’ve been working extensively with our legal and development teams to make sure we are exceeding all current and proposed privacy rules.

As the regulations go into effect, we’ll be making updates to our privacy policy and will alert all of our partners as that happens.

As always, if you have any questions please reach out to

• • •

What is GDPR?

According to the GDPR website, the legislation is designed to “harmonize data privacy laws” across the EU and give greater protection and rights to consumers.

Since a consumer’s data privacy preferences may change over time, the GDPR requires organizations to make it easy for individuals to update their preferences, withdraw consent, or be removed from a marketing database entirely.

One of the biggest parts of GDPR is “the right to be forgotten” process, which provides EU citizens with the absolute right to have their personal data deleted.

GDPR also requires 72-hour breach reporting, requires stronger and clearer opt-in polices, and large fines for non-compliance.

What does GDPR compliance involve?

Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from, as well as to respect the rights of data owners or face penalties for not doing so.

GDPR places legal obligations on a business to maintain records of personal data and how that data is processed, providing a much higher level of legal liability should the data be breached.

What does this mean for business based in the U.S.?

GDPR applies to any business or organization operation within the EU, as well as businesses outside of the EU that offer goods or services to customers in the EU.

The GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. And a financial transaction doesn’t have to take place.

The big question for U.S. businesses is targeting. If a user in Amsterdam comes across a U.S. based website in a normal search, GDPR would not apply. However, if a business is targeting EU citizens, GDPR would apply.

What is considered targeting? Obviously if ads are targeting EU geographies, but also if the website is in the language of that country, that country’s currency is accepted, or there are references to EU customers, GDPR would apply.