GDPR or General Data Protection Regulation was enforced on May 25, 2018. This is the most useful data privacy law today in Europe. This law sets rules and regulation on how organizations will protect the personal data of people residing in the European Union.

This law not only implements to the organizations that are based in EU and have access to individual’s data but it also implements to those organization that are based outside EU but also have offices in EU. Any business or agencies that have that even operates or offers services via the Internet have to comply with GDPR.

Now the question that arises here that does the GDPR apply to US businesses? Let us answer this question here. 

When does the GDPR apply to US companies?

According to Article 3 of the GDPR, it is said that if the organization is based outside the EU but have access to personal data of individuals located in the EU and also have the access to behavioral information as far as their behavior takes place within the EU then also that organization have to comply with GDPR even if it has no physical presence in the EU. Companies of USA that have online presence in EU should therefore be particularly mindful of the GDPR.

So for this it simply means that if any US organization or company that collects personal data of people in the EU is required to comply with the GDPR. GDPR regulations are compulsory for those US companies that are accessing or processing the personal data of subjects in the EU even if the processing takes place outside the Union.

Does GDPR apply to the US companies?

Yes, General Data Protection Regulation (GDPR) applies to the US companies. Because of the article 3 of GDPR which states that any organization that has access to the individual’s data of the EU/EEA residents must comply with GDPR compliance even if the company is based outside European Union. 

General Data Protection Regulation applies of any U.S business regardless of the number of staff they have and revenue they generate. They have to comply with GDPR if they meet any of the following conditions:

  1. If the organization or company provides goods or other services to European Union residents.
  2. If the organization monitors behavior of the users inside the European Union. 

Personal data and behavior of the EU resident that are covered by GDPR includes:

  • Names
  • Contact information
  • Location of the person (IP addresses and device details)
  • Biometric information
  • Pictures and videos
  • Other personal information and details. 


Any U.S company that serves European Union residents and has access to their data or tracks their behaviour within this region has to comply with GDPR.