Data protection/privacy legislation has been significantly amended with the introduction of the EU General Data Protection Regulation (GDPR) in 2018. Please note that both parties are acting as independent controllers in relation to the personal data processed in the context of their relationships with EU residents. The GDPR will significantly change and update the data protection regime across the European Union. All EU businesses processing personal data are subject to the GDPR as well as non-EU businesses offering goods or services directed at residents in the EU and processing EU residents’ personal data. Non-compliance bears the risk of the (increased) GDPR sanctions and reputational exposure.
RCI is updating its operations to reflect GDPR requirements. Affiliates should consult their own legal counsel to review their GDPR obligations concerning personal data they maintain.