New European Union Data Protection Rules

Franchisors who process or hold personal data for individuals residing in the European Union (EU) will be subject to the EU’s General Data Protection Regulation (GDPR) beginning on May 25. The GDPR requires businesses to establish protections for the personal data of EU residents and provide them with certain rights to consent, notice, and control over their personal data. The definition of personal data under the GDPR is broad, applying to any information that could be used directly or indirectly to identify an individual. The GDPR not only applies to businesses located within the EU, but also businesses located outside the EU if they do business there, process, or hold the data of EU residents. Significant fines and other penalties may be assessed for non-compliance. Franchisors who will be subject to the GDPR should begin taking action now to comply with its forthcoming implementation.