Are Unprepared US Businesses Losing Out Because of GDPR?

General Data Protection Regulation (GDPR) was rolled out across Europe at the end of May 2018. This regulation covers any business that holds data about EU citizens, whether based in Europe or elsewhere. Despite being given around two years to prepare and GDPR being in effect since May 25th, one recent study found that only 24% of businesses felt they were fully prepared for GDPR. This suggests the majority of US firms aren’t fully aware of the consequences for noncompliance and could be losing out.  

How Does GDPR Affect US Businesses?

GDPR has direct implications for businesses all over the world, especially if they are found to be working in a noncompliant way. All businesses wanting to operate in EU member states and serve individuals in the EU, both directly or as a third party, need to meet the regulation.

This means that any US business that currently or plans to work within the EU needs to understand the importance of GDPR and have the correct procedures in place. This includes recording all the personal data held, reviewing how it is obtained and stored and putting in place protection against data breaches.

Can It Be Avoided?

Not really. GDPR applies to American companies that make their products or services available to people in the EU, or that collect data EU-based individuals, whatever the purpose. It could be as little as your American company dealing with the personal data of just one EU citizen, GDPR still applies.

Being unprepared or taking a risk to avoid being compliant is a big mistake. You can face fines of €20 million (around $24 million) or 4% of your annual global turnover, whichever is higher. These aren’t punishments and fines that can be easily ignored and for start-ups and SMEs especially, they could quickly bankrupt the business. Being unprepared could be deadly.   

What Should Companies Do?

Firstly, make sure you are GDPR compliant. This will involve updating privacy policies, emphasising the business’ commitment to being GDPR compliant and providing training to all staff members. It could require some extra investment from Liberis to help cover the initial costs, but it’s a better alternative than a $24 million fine.

A training programme and proof of its rollout is essential for protecting your company should there be a data breach. Plus, it will hopefully prevent that happening and keep all the EU personal data you have safe and secure, with no risk of it being mishandled.

Avoid your business losing out on business or finances because of GDPR by making sure it’s working in a compliant manner.

Adam Torkildson