The General Data Protection Regulation, or GDPR, became effective on May 25, 2018. You may be wondering how it impacts your business and your Zenreach service. To support our customers, Zenreach has consulted with privacy professionals in Europe and the U.S. While we can’t offer legal advice, and we recommend you consult with your own counsel, we’re happy to share some of what we’ve learned to help educate our community.
What is the GDPR?
The GDPR is a new privacy law applicable in the European Economic Area (EEA) that regulates the processing of personal data of individuals in the European Economic Area. Among other things, the GDPR regulates the collection, use, and sharing of personal data of EEA individuals. The GDPR applies to any organization physically doing business in the EU or otherwise processing personal data of individuals in the EEA. However, for businesses that are processing personal data of EEA individuals but that have no physical presence in the EEA, it only applies where the businesses “offer goods and services” to EEA individuals or where they monitor the behavior of individuals in the EEA.
For businesses that meet these criteria, the GDPR defines a set of requirements governing the collection and processing of personal data. These requirements include, but are not limited to, specifications around consumer consent, storage and security of collected data, and certain rights by individuals to access, correct, and request deletion of their data.
How does GDPR impact my business using Zenreach?
The good news is that, since your business is not located in the EEA and the data generated by Zenreach is generated outside of the EEA, the GDPR shouldn’t affect your use of Zenreach.
What happens if a European tourist visits my store in the United States and signs into Zenreach WiFi?
Since your business is operating outside the EEA, and the data that is gathered and generated by the Zenreach system originates outside the EEA, we do not believe the GDPR applies. A user’s EU citizenship does not change our conclusion, because the issue concerns whether the company is intentionally offering goods and services to residents of the EEA—not whether an EEA tourist comes into the United States and purchases goods and services here and in the process provides personal data to the U.S. business.
What about my website and use of the Zenreach website email collection widget?
The GDPR specifically provides that merely operating a website accessible to EEA residents does not constitute offering goods and services in the EEA. So the use of your website is not a basis for GDPR applicability.
With that being said, if you are using your business’ website to offer goods and services in the EEA (for example, selling coupons for e-commerce transactions in Euros to European citizens), then you might be impacted by GDPR, and we encourage you to contact an appropriate privacy professional for further assistance.
We hope this information is helpful to you. We are here to help you with any questions about your Zenreach service and will continue to work with our customers as technology or legal obligations change.