Study GDPR and Make Your Own Determination of Business Risk


Update 20th May 2018:

So, how does this affect American businesses?

“The truth is that no one really knows how GDPR will be enforced on American soil, and we likely won’t know until we see the first test case”

The First Practical, Commercial-grade Solution

“U.S. companies without much business in the EU will technically be in violation if they don’t comply because GDPR covers any EU citizen wherever they are. But, practically, Meyer said there will likely be little legal exposure for those US-only firms, since ‘EU regulators don’t have some huge army.’”

While We are not GDPR Experts – We Feel it is Appropriate To Make Sure You Are Aware of the Risks

As you may have noticed, there is a lot of discussion online with regard to the General Data Protection Regulation (GDPR). In addition, we would observe that there is a lot of uncertainty associated with how GDPR may or may not affect U.S.-based small businesses. However you look at it, this is a complicated issue.

While we are not GDPR experts and do not provide consultancy or risk assessment (data protection officer) services at this time, we feel it is appropriate to make sure you are aware it is almost here. We recommend that you study GDPR and make your own assessment of your company’s exposure. To facilitate that process, we have provided the following links.

If you would like us to make changes to your website, or add or update a privacy policy, we will endeavor to make it a priority.

GDPR comes into effect on May 25th, 2018

Our recommendations:

  • Do not ignore GDPR and assume it does not apply to you
  • Study GDPR and make your own determination of business risk
  • At the very least start by creating a good privacy policy and add it to your website
  • Work through a GDPR checklist
    • There is a lot of information online; some examples are below

What You Need to Know – Summary

“non-EU companies must comply with GDPR if: 1) they collect or process personal data of any EU resident ~ This compliance is mandated for any EU resident, regardless of EU citizenship. Even an American citizen who’s only temporarily located in the EU is protected by GDPR.”

More useful links

Yes, it does potentially affect you as a small business owner in the U.S.

“Don’t think that just because you’re not a behemoth, they won’t see you ~ How will small businesses with fewer in-house IT and legal resources fare?”

What effect could the GDPR have on small businesses?

“Many small businesses assume that the GDPR does not apply to them. If you are a small business owner that believes this to be the case, you could be in for a shock when the GDPR comes into force on May 25, 2018”

Example of a privacy policy

“We collect certain personal information about visitors and users of our Sites ~ The most common types of information we collect include things like…”

Personal Data Security Guidance for Microenterprises under the GDPR

“If your company is a microenterprise engaged in the processing of personal data, as either a data controller or a data processor, you will be subject to the provisions of the new law”

GDPR countdown: For the small business

“The document, titled Personal Data Security Guidance for Microenterprises under the GDPR, is targeted at companies that have fewer than 10 employees with annual revenue of less than €2 million, or roughly $2.5 million in U.S. dollars.”

Don’t Let GDPR Blow You Away: 5 Tips to Help you Set Sail

“Watch The Webinar On-Demand”

The GDPR Checklist

“This is a basic checklist you can use to harden your GDPR compliance”

Data protection gets personal on May 25, 2018. Will you be prepared?

“Connect with our GDPR experts”

GDPR: What American Organizations Need to Know to Prepare

“Despite the consequences, Gartner predicts that by the end of 2018, over 50% of companies affected by GDPR will not be in full compliance”

What Does The GDPR Mean for California Small Businesses?

“If your company does not do business with any EU residents, one course of action is to purge all EU resident records from all systems ~ the threshold number of data subjects for GDPR compliance is a single EU resident. If there is just one EU subject record in any of your systems, the number might as well be 10,000.”

Ideally, I just want an expert to look at my business and tell me what to do!

“However, it is actually illegal to hire someone to do this FOR you but you can hire an expert to advise you on what to do where. ~ After much deliberation I will probably go with this service”

How EU’s Data Privacy Laws Will Impact US Companies

Video

GDPR – Implications for US Companies

Video

Holistic Web Presence Disclaimer: The content and suggestions above do not represent legal advice. Our goal has been to try to make you aware of GDPR and provide some useful resources and places to get started. We strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.