Companies doing business with EEA partners or collecting and processing personal data of EEA persons, should adhere and be compliant with the GDPR, not only because they are required to do so as stipulated by the GDPR, but also because:
• The fines levied by the EU enforcement bodies may be up to EUR 20 million, or up to 4% of a company’s global turnover;
• Data subjects have rights to bring claims to authorized data privacy authorities and local courts for any data breaches based on the GDPR;
• Global companies and companies based in EU or directly subject to EU law will be reluctant to doing business with companies that are not GDPR compliant, as it shall affect their own compliance;
• Investors or prospect acquirers of businesses require GDPR compliance as part of their Due Diligence focal issues, expecting scalability of operations to a global scope. Lack of compliance or at least processes towards compliance may affect transaction price and indemnification requirements.