A GDPR Compliance Checklist for US Companies: Everything to Know and Do

It’s been just over a year since companies all over the world panicked. On May 25, 2018, GDPR came into effect. A ton of misinformation and confusion ensued, especially for American companies.

In the first six months of GDPR, there were over 95,000 complaints. There were fines ranging from €5,280 to €50 million.

Do you want to clear up the confusion around GDPR once and for all? Read on to discover the ins and outs of GDPR and a GDPR compliance checklist for US companies.

What is GDPR?

GDPR stands for General Data Protection Regulation. The European Union adopted the regulation in 2016 and tried to give companies ample time to prepare. The drop-dead date for the regulation to take effect was May 25, 2018.

The members of the EU saw technology companies infringe on the privacy of their citizens. GDPR was created to give citizens more control over their data.

What are the GDPR Rules and Regulations?

GDPR regulations are complicated, and they can be very confusing. The regulations really force you to examine how you use data and take responsibility for it.

You need to make it clear, in everyday language, how you’re collecting and storing information. You also have to spell out the purpose of the data and how long you hold onto it.

If you work with third-party providers, like Google or MailChimp, you still need to disclose that. You also have to give users the right to request the information that you’re holding about them. They can then request to have their data removed.

Severe Consequences of GDPR

What happens if you don’t comply? When GDPR became the law of the land last year, US businesses were running around thinking that they’d get hit with massive fines. That wasn’t the case at first, but enforcement is starting to happen.

There are consequences, some of them severe, if you don’t comply and someone files a complaint against your business.

Remember that €50 million fine that was mentioned at the beginning of this article? That fine was levied by France on Google for violating privacy rights by serving users personalized ads without their consent.

GDPR Compliance Checklist for US Companies

With so much potentially at stake for your business and your customers, you need an easy set of guidelines that you can follow. Take a look at this GDPR compliance checklist for US companies to get your site in compliance.

Does GDPR Apply?

The first thing US companies should do is assess whether they need to worry about GDPR at all. That’s largely determined by your service area. For example, say you’re a shoe store or a gym with a retail location that serves a specific area.

If your website makes it clear that you only serve that area, and you don’t try to get traffic from Europe, then you don’t need to worry about GDPR regulations.

Now, if you have an online shop or offer online training services to clients, then GDPR would apply. Even if you don’t ship products to Europe, Europeans can still access your site. That would make you subject to GDPR rules and regulations.

Multinational companies, or blogs that welcome traffic and customers from all over the world, need to comply with GDPR.

Not sure if GDPR applies to your website? It’s always best to act as if it does. Showing that you comply with GDPR will also make people trust your site more.

Audit Your Data Points

GDPR is all about giving users control over their data. Therefore, it’s your responsibility to understand what you’re collecting and how it’s used.

At the very least, you’re collecting an email address if you want people to sign up for your newsletter. You may also have your site hooked up to Google Analytics. If your site has ad revenue, your advertising network is collecting data about your users to provide personalized ads.

Go through and find out what data you’re collecting (email addresses, IP addresses, payment information, etc.). You need to know where and how that data is being stored. For example, you may have third-party applications, like an email provider or payment service, that handle that data on your behalf.

Review Your Privacy Policy

Your privacy policy needs to make it very clear, in plain language, what data you’re collecting. It also needs to state how someone can obtain the data you hold about them and how they can have it removed.

Limit Access to Data

One way to ensure that your data is secure is to limit the number of people who have access to it. Data access should be granted only on an as-needed basis.

Plan for a Data Breach

The way technology is going nowadays, it’s a matter of when, not if, you’ll have a data breach. A data breach could do serious damage to your business.

It could be devastating if you don’t have a plan to deal with the breach when it happens. Your systems have to be set up to detect a data breach quickly, understand the data impacted, and notify users and a data supervisory authority within 72 hours.

You can read more here for an in-depth look at GDPR compliance.

GDPR Compliance Doesn’t Have to Be a Nightmare

Privacy laws are changing all of the time. It can be hard to keep your site in compliance with all of the rules and regulations.

One of the most drastic regulations came from the European Union, in the form of GDPR. It can be confusing for US companies to work out whether GDPR applies to them.

This GDPR compliance checklist for US companies addressed some of those questions and hopefully cleared up the confusion. Basically, if your company welcomes web traffic from Europe, GDPR applies.

You want to make sure that you audit how you collect data, update your privacy policies, and plan for a data breach. You should also know how to delete data or guide people to the sites that collect their data.

Are you ready for more small business tips? Head over to the Training and Programs section of the site for courses that will show you how to grow your business.

Adam Hansen

Adam is a part-time journalist, entrepreneur, investor and father.