You are potentially at risk if you or any individual employee and/or any system within your company sends commercial email and/or retains E.U. customers' personal data.
Complying with email regulations and GDPR is extremely challenging given all the variables your company needs to account for. Consider all of the various sources and uses of email in your company as well as all the places your customers' personal data can reside:
Anti-spam regulations create significant regulatory and legal risks for small businesses, large corporations and individuals sending emails anywhere in North America and the European Union. Your officers and directors are also at risk.
Regulatory and Legal Costs:
The fines and legal implications, which clearly can be very significant, are the literal tip of the iceberg in comparison to the costs of going through the process of being investigated and fined which can be far greater than the cost of the fine itself. The process spans months and sometimes more than a year and includes costs for:
Reputational risk, "shame game." Equifax's share price dropped 40% in the two weeks following their 2017 breach.