What is the GDPR for the US?

Lawrence Bonk Profile image

Written by:

Updated January 6, 2023

If you are new to the world of online privacy, you may wonder what is the GDPR for the US. Many of the best websites and online retailers, after all, have adopted some practices that impact consumer privacy, which is where the GDPR and its consumer protections come into play. So what is the GDPR, how does it impact US-based customers, and what are some tips to fully utilize these regulations? Keep reading to find out.


  • The General Data Protection Regulation, or GDPR, is a collection of online privacy protection laws benefitting EU citizens against malfeasance by multinational companies.
  • America has no nationwide equivalent, though there are several states with similar laws on the books to limit processing activities by supervisory authorities and protection authorities.
  • The most robust of these regulations is California’s CCPA, which stands for the California Consumer Privacy Act.

What is the GDPR?

Before learning about personal information within the GDPR, it is helpful to understand the GDPR itself. The General Data Protection Regulation, or GDPR, is a suite of consumer privacy laws developed for residents of the European Union (EU.) These rulings pertain to information about natural persons within the region, so anonymous accounts are not protected by this law, though it pertains to GDPR employee data. Additionally, it pertains to GDPR-sensitive personal data.

Insider Tip

Contact your local political representatives if you live in one of the other 47 states and worry about online privacy.

Many of the regulations within the GDPR are mirrored in America via state regulations if you are wondering about a “do not sell” CCPA order.

Is There a GDPR Equivalent for the USA?

There is no GDPR equivalent for the entire US market, though certain states have their own versions that provide many of the same benefits to consumers. However, there is nothing on the federal level, though there has been much discussion in recent years regarding the nationwide implementation of these regulations.

Here are some of the statewide mandates in play to help modern consumers.

California’s CCPA

The California Consumer Privacy Act (CCPA) applies to consumers who are California residents and offers significant protections, such as mandating that companies delete personal information upon request and dictating which information can and cannot be shared with third parties. Companies have 45 days to respond to deletion requests as indicated by the CCPA as long as the request was issued by a verified citizen of the state.

STAT: The introduction of the General Data Protection Regulation (GDPR) back in May 2018 set a high bar in privacy protection for individuals within EU member states. (source)

Virginia and Colorado

Both Virginia and Colorado have laws on the books that were inspired by the CCPA. As such, they mandate that companies clearly indicate when and how information is collected and dispersed and allow users to issue deletion requests. These statutes are considered slightly less robust than California’s CCPA, but they are certainly better than nothing.


Why do US companies have to comply with the GDPR?

US-based companies must comply with the GDPR when dealing with customers located in the EU; otherwise, they put themselves at risk of civil action by a legal entity.

Does the GDPR apply to EU citizens living in the US?

No, the GDPR only benefits EU citizens actually living in Europe, which is learned via IP address. US-based companies must comply with the GDPR in Europe but not on home shores.

What is personal data under the GDPR?

Any processing activities of personal information fall under the personal data umbrella and is subject to privacy legislation and regulatory authorities. This includes the sharing of social security numbers by US-based companies and the like.
Lawrence Bonk Profile image