General Data Protection Regulation ("GDPR") is a European mandate that went into effect on May 25, 2018. The regulation is designed to establish uniform data privacy law across the European Union, and applies to any EU established business, including U.S. companies and firms with offices in the EU.
It is critical to recognize that GDPR does have implications to U.S. CPA firms, even if the firm does not have an EU office. Reference the following scenarios:
- The firm offers services to clients ("natural persons" or "individuals") in the EU.