🇺🇸United StatesActive
GDPR compliance in the US
The GDPR applies to any organization processing personal data of EU residents, regardless of where the organization is based.
Enforcement authority
National Data Protection Authority
Maximum sanctions
Up to 4% of global annual turnover or EUR 20 million, whichever is greater.
Obligations
Key obligations
What GDPR requires from organizations operating in the US.
Appoint a Data Protection Officer (DPO) where required
Maintain records of processing activities (ROPA)
Conduct Data Protection Impact Assessments (DPIA)
Implement data breach notification within 72 hours
Ensure lawful basis for all data processing
Local context
Local context in the US
Enforcement varies by member state. Some DPAs are more active than others.
Frequently asked questions
How does GDPR apply in the US?
The GDPR applies to any organization processing personal data of EU residents, regardless of where the organization is based.
Who enforces GDPR in the US?
National Data Protection Authority
What are the penalties for GDPR non-compliance?
Up to 4% of global annual turnover or EUR 20 million, whichever is greater.
GDPR in other jurisdictions
Check your GDPR compliance now
Start free scan to see your risk score and applicable obligations.