The GDPR is a regulation of the European Union that seeks to put control over the personal data of EU residents in their own hands, rather than in the hands of the entity that collected or stored the data. Under Article 3(2) of GDPR, the Regulation covers non-EU companies when the processing of the data relates to the offering of goods or services to people in the EU.

You are a community or regional bank with no physical presence in the EU. BUT, you have a website that can be viewed throughout the world. Is that enough, by itself, to risk GDPR coverage? No. But the language of your website might push you over the edge if you “target” EU residents. Does your website expressly offer loans to nonresidents to buy property in the US? Do you provide any currency references in Euros? Do you offer to convert Euros to Dollars for non-residents traveling to the United States? Do you openly offer parents in the EU the ability to monitor their child’s bank account when attending college in the US? Does your website offer language choices that have no local relevance? Spanish is OK. Chinese is OK because it’s not an EU language. Flemish or Bulgarian? Probably not worth the risk.

Today’s Takeaway? Review your website to make sure that there is nothing specifically targeting EU residents. When your website language or structure is being revised, keep the GDPR in mind just to make sure that you do not trip over it.