Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Why go global with EU GDPR compliance?

The EU General Data Protection Regulation (GDPR) was once seen as a threat to the competitiveness of the EU by many in Silicon Valley, but now it’s looked on forlornly as the way forward.

But there’s a long way to go until US lawmakers act, if they ever do on a federal scale. Some states, though, might follow in the EU’s privacy footsteps relatively quickly. So for those of you with operations in the US and beyond, should you do nothing or act now?

Your customers care about privacy

The recent controversy surrounding Facebook has highlighted the importance of online data protection to millions around the world. In response, Mark Zuckerberg has committed to making changes to Facebook, and people will undoubtedly expect similar reassurances from other companies.

Many global organisations we’re working with have adopted GDPR across all their operations, in every country. This shows their customers and partners that they take privacy seriously, but it also simplifies the organisation’s processes.

Digital commerce knows no boundaries – most of Facebook’s processing happens in Ireland, for example – so the easiest response is to apply the strictest rules everywhere. Failing to do so risks being viewed as biased to customers or stakeholders in different counties, and that’s not acceptable in the eyes of public opinion. You don’t provide different levels of customer service or corporate responsibility, so why would privacy be any different?

So what should you do?

Start with a global review of where you hold personal data – you need to know what information you have and where it is. Consider the legal basis for why you have such data and, where necessary, make sure you have consents in place.

Next, apply a ‘one world approach’. No matter where your customers or stakeholders are, treat them with equal respect and put in place a global privacy policy. And tell them about it.

That means you need to implement universal and global information rights. Wherever you are, you should give your customers and stakeholders the same process and user experience. Provide a consistent ‘front door’.

A ‘one world approach’ also means you need a global set of internal tools, processes, standards and governance that make worldwide compliance effective and consistent.

Go global with GDPR now

Even though GDPR only applies in the EU, the possibility of US states aligning to the new regulation, higher customer expectations and the efficiency of taking a ‘one world approach’ mean you should go global with GDPR now.

The GDPR is a game-changer. Learn how PA is helping clients make the most of this opportunity.

Find out more

Contact the author

Contact the data privacy team


By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.