What GDPR Means for Small Businesses in the US

It has become increasingly commonplace for businesses to collect prospect and customer data.

Recently, conversations around big data, IoT, and the possibilities surrounding emerging tech have only increased.

While it is true that companies collect personal information to better understand, market to, and serve their customers, this isn’t to suggest their intentions are always so transparent or benevolent.

When you realize that businesses are collecting everything – social media posts, addresses, banking information, IP addresses, and the sites people have visited – you might start feeling a little uncomfortable.

This is what led to the creation of a new European privacy regulation known as the General Data Protection Regulation (GDPR).

What is GDPR?

If you’re selling to customers in Europe, take note – GDPR applies to you. It takes effect on May 25, 2018.

The new regulation gives individuals in the EU greater control over their personal information and sets out how organizations must protect their data.

But what constitutes personal data?

Under the GDPR, names, photos, email addresses, locations, bank details, social media posts, medical history, and IP addresses all qualify as personal data.

GDPR gives people certain rights, namely: the right to access their data, the right to withdraw consent for businesses to use their personal data, the right to transfer their data to another provider (data portability), the right to have data corrected, the right to restrict the processing of data, the right to object to processing, the right to have their data erased, and the right to be notified when a data breach is likely to put them at high risk.

What Does This Mean for Small Businesses in the US?

The GDPR puts the individual back in control of their data. Meanwhile, it offers less control to companies who are using personal data to grow their businesses.

If you aren’t serving any prospects or customers in Europe, then GDPR may not apply. But even if your company is established in the United States, if you offer goods or services to people in the EU or monitor their behaviour (for example, by tracking visitors to your website), you will be required to observe and abide by this new regulation.

As a small business, it’s quite likely that you do not have a data protection officer. GDPR only makes one mandatory in specific cases (such as large-scale monitoring of individuals or large-scale processing of sensitive data), but someone still has to own your compliance. Either you will need to hire a specialist (even on a contract or part-time basis), or find a team member who has the capacity and skills necessary to manage your personal data handling.

Why? Because if you do not follow GDPR and are caught, you can be fined up to 20 million Euros or 4% of your annual global revenue, whichever number is higher.

How to Ensure Compliance with GDPR

The GDPR could affect every aspect of your organization. Ensuring compliance is no small undertaking. The exact steps to remain compliant will vary from business to business.

Here are a few things you can do. But note that the responsibility to understand the issues and take proactive measures to avoid being fined ultimately falls to you.

  • Familiarize yourself with the GDPR. Read everything you can find on the topic, and understand what you need to do to remain compliant.
  • Audit your data. What personal data do you hold, where did it come from, where is it stored, and who has access to it? Have you obtained consent (or identified another lawful basis) from your prospects or customers for using their data? Note that collecting and keeping less data makes it easier to avoid a violation, and data minimization is itself a GDPR principle.
  • Update your processes and procedures. Determine how you’re going to capture personal data, how you’re going to obtain consent, and how you’re going to handle the ongoing management of the data.

Final Thoughts

Regardless of where your business was established, GDPR could have far-reaching consequences for your business. Do not ignore this new regulation. Be cautious and ensure you’re on the right side of the law.

What are you doing to ensure compliance with GDPR? Are you taking proactive steps to protect the personal data of European prospects and customers?

Let us know in the comments.
