Generally speaking, EVERYONE who collects and processes user data is affected by the General Data Protection Regulation (GDPR) (contact forms, Google Analytics, Facebook Pixel, and so on). And by the way, the GDPR even extends to non-EU companies the moment they process the data of EU citizens.


Privacy protection "made in Europe" is putting a lot of pressure on American companies.

The reason is the European Union's "General Data Protection Regulation" or "GDPR" that came into effect on May 25, 2018. Its goal is to create consistent and uniform protection, also and especially when dealing with non-EU and American companies. That is why the GDPR also applies to companies outside the EU. Breaches can lead to penalties of up to 20 million EUR or 4 % of the worldwide annual revenue.


EU citizens are to get back sovereignty over their data, or so goes the promise.

43 % of managers questioned in the US believe that their company isn't affected by the new data protection policy. In contrast, only 3 % of IT representatives in Great Britain and 9 % of those in the rest of the EU feel the same way (Source: Spiceworks Study 1,2).


Some companies, especially in the US, believe that they are exempt from potential fines under the EU-centric regulatory provisions.

There are, however, massive knowledge gaps concerning the question of how GDPR impacts business. After all, the new regulations affect every company in the world that collects data of EU citizens, the expert continues. This means that IT departments that are under the wrong impression that GDPR isn't a concern to them will have a rude awakening next year when the pressure builds to implement the requirements.

Lost and Found Third-Party Providers

Is your current lost and found software a third-party solution that isn't directly associated with your company but still offers to collect or process user data, e.g. via a customer inquiry form on your website? It is advisable to obligate your lost and found provider, through data handling contracts, to comply and to handle customer data transparently. This provider should also be explicitly mentioned in its own section of your data privacy policy (including the name and address of the company, a note on which data is used and why, and a reference to the existing private data compliance contract).