How will GDPR affect your US-based business?

The GDPR Affect

From the 25rh of May, 2018, the laws governing data storage and personal privacy in the European Union will undergo a comprehensive overhaul as the General Data Protection Regulation comes into force. For companies based in the EU, this deadline looms large on the horizon – the GDRP does, after all, represent the biggest change to data protection regulation in 20 years.

Given that the GDPR will have such a wide-ranging impact, European businesses have been gearing up for compliance for more than two years – or at least they should have been. What is less well-known, however, is that the new regulations have a much greater scope than previous data laws. For companies based outside of the EU, particularly those in the US, this means that GDPR compliance cannot be ignored.

Why US companies need to be prepared

Any US-based businesses that think that the GDPR does not concern them could be in for a huge shock. GDPR affects any organisation that collects or processes data from EU citizens, regardless of where that organisation is based. This means that if a US-based firm has a web presence and targets marketing at individuals located within the EU, then GDPR compliance must be met.

Travel, software and e-commerce represent just some of the most likely sectors where US-based companies are going to engage with EU citizens on a regular basis. In fact, given that the EU and the United States have the largest bilateral trade and investment relationship in the world, there are likely to be thousands of American companies that come under the GDRP’s remit.

Another reason why US businesses should take note of the new ruling is that it introduces hefty fines for any organisation that fails to achieve compliance. Penalties for the worst offences could be as large as €20 million or four percent of annual global turnover, whichever figure is greater.

How US companies can achieve compliance

Fortunately, there are ways that US companies can achieve compliance with GDRP before the deadline. First of all, businesses should make sure that they are fully versed in the ruling and how it relates to their operations. Determine whether you are a data controller or processor and identify what information you currently collect from EU citizens. Conducting a comprehensive data audit is one way of gaining a clear overview of how your business currently collects, processes and stores information.

US businesses can also enlist the help of managed Service Providers, including those based in the EU, if they are not sure how GDPR relates to them. Many cloud service providers based in the European Union are now offering bespoke GDPR packages to their clients to ensure that they are ready for the May deadline. Others, like Sungard AS, can provide specialised services that will prepare you for a particular aspect of GDPR, such as disaster recovery.

On the surface, the compliance deadline for the General Data Protection Regulation is a daunting prospect. Processes may have to be checked and employees may need further training, but there is still time to achieve compliance. What’s more, US companies should not view the new regulations as a burden. Instead, organisations all over the world should use GDPR as an opportunity to improve their data security and efficiency, giving them an advantage over their competitors and allowing them to deliver better service to their customers.

By Matthew Walker-Jones

DivvyCloud Podcast

Episode 7: Haste Makes Waste: The Dangers of Rushing to the Cloud

Dangers of Rushing to the Cloud The pressure to accelerate your company’s plans to move to the public cloud is substantial. But it should never be taken lightly. It’s a democratized world far away from ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Matt Holleran

Cloud Marketplaces Give Startups A Leg Up – Part 2

Cloud Marketplaces In my last post, Cloud Platforms, Marketplaces, and Startups Part One, I examined the proliferation of partner ecosystems within the cloud software business, beginning with Salesforce AppExchange. Here, we’ll look at how startups ...
Bill Talbot

How IT Operations Can Survive and Thrive in a Multi-cloud World

IT Operations Can Thrive in a Multi-cloud World IT operations teams are contending with the reality that growing volumes of workloads are running across multiple cloud services. While multi-cloud environments are growing ubiquitous, many IT ...
Staeadfast

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist at Steadfast Networks, which specializes in Colocation, Managed Infrastructure as ...
Kayla Matthews

5 Cybersecurity Trends Defining The Future

5 Cybersecurity Trends The cybersecurity industry continually evolves to meet changing needs and adopt new technologies. As such, it's appropriate to take a look at annual trends. Here are five of them for 2019: 1 ...