How will GDPR affect your US-based business?

The GDPR Affect

From the 25rh of May, 2018, the laws governing data storage and personal privacy in the European Union will undergo a comprehensive overhaul as the General Data Protection Regulation comes into force. For companies based in the EU, this deadline looms large on the horizon – the GDRP does, after all, represent the biggest change to data protection regulation in 20 years.

Given that the GDPR will have such a wide-ranging impact, European businesses have been gearing up for compliance for more than two years – or at least they should have been. What is less well-known, however, is that the new regulations have a much greater scope than previous data laws. For companies based outside of the EU, particularly those in the US, this means that GDPR compliance cannot be ignored.

Why US companies need to be prepared

Any US-based businesses that think that the GDPR does not concern them could be in for a huge shock. GDPR affects any organisation that collects or processes data from EU citizens, regardless of where that organisation is based. This means that if a US-based firm has a web presence and targets marketing at individuals located within the EU, then GDPR compliance must be met.

Travel, software and e-commerce represent just some of the most likely sectors where US-based companies are going to engage with EU citizens on a regular basis. In fact, given that the EU and the United States have the largest bilateral trade and investment relationship in the world, there are likely to be thousands of American companies that come under the GDRP’s remit.

Another reason why US businesses should take note of the new ruling is that it introduces hefty fines for any organisation that fails to achieve compliance. Penalties for the worst offences could be as large as €20 million or four percent of annual global turnover, whichever figure is greater.

How US companies can achieve compliance

Fortunately, there are ways that US companies can achieve compliance with GDRP before the deadline. First of all, businesses should make sure that they are fully versed in the ruling and how it relates to their operations. Determine whether you are a data controller or processor and identify what information you currently collect from EU citizens. Conducting a comprehensive data audit is one way of gaining a clear overview of how your business currently collects, processes and stores information.

US businesses can also enlist the help of managed Service Providers, including those based in the EU, if they are not sure how GDPR relates to them. Many cloud service providers based in the European Union are now offering bespoke GDPR packages to their clients to ensure that they are ready for the May deadline. Others, like Sungard AS, can provide specialised services that will prepare you for a particular aspect of GDPR, such as disaster recovery.

On the surface, the compliance deadline for the General Data Protection Regulation is a daunting prospect. Processes may have to be checked and employees may need further training, but there is still time to achieve compliance. What’s more, US companies should not view the new regulations as a burden. Instead, organisations all over the world should use GDPR as an opportunity to improve their data security and efficiency, giving them an advantage over their competitors and allowing them to deliver better service to their customers.

By Matthew Walker-Jones

Threat Security
Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
Oxylabs
A conversation with Aleksandras Šulženko – Product owner at Oxylabs.io In a global economy where change happens by the second, one of the best ways to keep up with industry information, including your competitors, is ...
Rajesh Khanna
Implement Hyperautomation to Scale Automation Programs by 3X Most Digital Service Providers (DSPs) struggle to accelerate their path to Hyperautomation due to the complex processes with legacy systems and applications. Although Robotic Process Automation (RPA) plays a ...
Kelly Dyer
Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.