GDPR for US Companies – A Simple Guide to Getting Compliant

Over the past few months, every local business we help has asked us, “do I need GDPR compliance in the United States?” Before we dive into GDPR for US companies, let’s take a look at what exactly these new regulations are.

The General Data Protection Regulation (GDPR) is a comprehensive set of new laws intended to regulate personal data collected from people within the European Union.

Odds are, GDPR first came on your radar back in May 2018, when every company on Earth seemed to be sending an email with updated privacy policy information. Or perhaps it was after you clicked your hundredth “I accept these cookies” popup on a website you like.

If you’re an American business, like Goodman Creatives, you may also have wondered “what does GDPR mean for US companies like mine?” I know we struggled with this question, which is why we’ve put together this simple guide to GDPR compliance for US companies.

What are the key areas of GDPR?

It would be impossible to cover all aspects of GDPR compliance in a simple blog post. The full set of laws is thousands of pages long and would probably put anyone on earth to sleep reading it. That’s why we’ve narrowed it down to a few key points.

In a nutshell, GDPR:

  • Expands the definition of personal data, which now includes anything that points to a person’s professional or personal life, such as names, photos, email IDs, bank details, social networking posts, medical information, or computer IP address.
  • Defines data controllers and processors and holds them responsible for complying with its regulations.
  • Gives individuals more rights regarding the control of personal data—what can be done with it, and how long it can be kept. For example, if someone in the EU wants you to remove all of his or her personal data from your database, you must do so.
  • Requires businesses to inform regulatory agencies within 72 hours if there is a data breach.
  • States that businesses that collect data must have lawful grounds to have it. There are six altogether, but the three main ones are consent (I agree to let you have my information, i.e. checkboxes), contractual (information is needed to give a quote), and legal (employees).

. . . . . . . .

GDPR for US Companies

Due to the global nature of the Internet, businesses operating in the United States are not exempt from GDPR. Even if you blocked every single European IP address, you would still be liable if a European citizen visited your site during a vacation in America.

If you collect, transmit, or otherwise use or store the personal data of citizens of the EU you’ll need to comply with the GDPR or face severe penalties (up to 20M Euro or 4% of global revenue).

I know that sounds pretty scary, but keep in mind that small businesses (having fewer than 250 employees) and those who hold no data from people within the EU are exempt. But that doesn’t mean you should ignore this sea change in data regulation.

Online businesses can sell to anyone anywhere, and you probably want to have that capacity. And, regardless of GDPR for US companies, it’s a good idea to up your data handling and storage game anyway, because consumers are becoming ever savvier (and more concerned) about what is done with their information (can you say Cambridge Analytica?).

. . . . . . . .

Your Business Apps are Already GDPR Compliant

GDPR compliance for US companies goes beyond your website. It also includes the apps you use – both on your local computers and in the cloud. That’s why cloud computing and storage platforms like Google Suite and Dropbox, and CRM systems like Salesforce, are already working feverishly toward full compliance (if they haven’t already achieved it).

Email marketing services like MailChimp and Constant Contact have guides, and WordPress has plugins and other tools to help you manage GDPR for US Companies.

US Businesses and GDPR Compliance

Looking at this significant legislation through the lens of the spirit of the law, rather than the letter, is probably the best (and least anxiety-inducing) way to go.

Use it as an opportunity to encrypt your data (or improve its encryption), strengthen your passwords, and cull your contact lists. Done well, the entire process can help build greater trust with your customers by being transparent about your data collection and use. Use this as an opportunity to demonstrate that you care about your customers and their data by clarifying and strengthening your privacy policies and consent forms.

. . . . . . . .

GDPR for US companies means that your business needs to:

  • Be open about how you collect data and what you do with it.
  • Know how and where that data is stored, and who is responsible for securing it.
  • Have clear and informed consent—no using business cards collected from here and there to build an email list, and no bundling consent forms (using one opt-in for consent to multiple uses of data).

Get Free GDPR Templates

We did a lot of research, consulted lawyers, and came up with a GDPR Privacy and Cookie Policy that works for us. If you want instant access to the templates, just sign up for our newsletter.

Parting thoughts on GDPR and US Companies

It’s important to remember that the internet police are not going to come and break down your door if you inadvertently collect some data on a random citizen of the EU.

The substantial fines are meant more for big companies, with deep pockets, that collect massive amounts of data. Your company will only draw the attention of regulators if an EU citizen makes a complaint, which is highly unlikely if your business adheres to the principles of the law.

So don’t see this as a panic-inducing nightmare, or something to just ignore altogether. Instead, look at the big picture, and see it as a paradigm shift with regard to personal data, which is something quite valuable and worthy of care. Here’s an awesome infographic to help guide you a bit more.

[Infographic: GDPR for US Companies]

* Please note, we are not lawyers, and nothing in this post is offered as legal advice or a complete solution for GDPR for US companies. Goodman Creatives assumes no legal responsibility for the use of this information or the templates offered above.
