๐บ๐ธUnited States
GDPR compliance in United States
The GDPR applies to any organization processing personal data of EU residents, regardless of where the organization is based.
Enforcement authority
National Data Protection Authority
Maximum sanctions
Up to 4% of global annual turnover or EUR 20 million, whichever is greater.
Key obligations
What GDPR requires from organizations operating in United States.
Appoint a Data Protection Officer (DPO) where required
Maintain records of processing activities (ROPA)
Conduct Data Protection Impact Assessments (DPIA)
Implement data breach notification within 72 hours
Ensure lawful basis for all data processing
Local context in United States
Enforcement varies by member state. Some DPAs are more active than others.
GDPR by industry in United States
Frequently asked questions
How does GDPR apply in United States?
The GDPR applies to any organization processing personal data of EU residents, regardless of where the organization is based.
Who enforces GDPR in United States?
National Data Protection Authority
What are the penalties for GDPR non-compliance?
Up to 4% of global annual turnover or EUR 20 million, whichever is greater.
Check your GDPR compliance now
Run a free scan to see your risk score and applicable obligations.