Can a privacy rule issued by a European governing body thousands of miles from South Dakota impact South Dakota business? Yes. In fact, such a rule took effect Friday, May 25, 2018.
General Data Protection Regulation (GDPR) governs the handling of data pertaining to European Union (EU) based customers. It is a new layer of regulation that your business must comply with in addition to already existing domestic law. Generally speaking, GDPR applies to businesses who target or acquire data on EU based customers.
Now might be a good time for your business to take stock of its current and target customer populations. In a globalized economy chances are slim that you don't target or do business with a single customer from the EU.
Your business sector is not a silo
GDPR is not industry specific. It applies across industries. Compliance with the other privacy laws of your industry (e.g. HIPAA) does not exempt you from GDPR. Businesses that are confident in their ability to comply with traditional law should still take a hard look at their practices through the lens of GDPR.