Still Think The GDPR Doesn't Apply To You?

Every business, whether it’s big or small, needs to comply with Europe’s intensive data protection law if it operates (even in a small way) across the pond.

If you’re reading this article, there’s a good chance you’re not yet in compliance with the EU’s General Data Protection Regulation (GDPR). Although the GDPR went into effect on May 25, 2018, I have heard many small businesses recently state that they think the GDPR only applies to large, global companies that conduct business overseas. Unfortunately, nothing could be further from the truth.

The reality of just how widespread the application of the GDPR really is can seem unbelievable. Many small companies by now have heard from others and on the news that the GDPR applies to all companies handling consumer data of citizens within the European Union. For those hold-outs, please note: while there are some portions of the GDPR which do not apply to companies with fewer than 250 employees, the rest of the GDPR still applies to small and medium-sized companies with full force. In short, if you even touch or may touch the data of any EU citizen, the GDPR requirements likely apply. This is regardless of your company’s size, geographic location, or industry.

If you’re on the fence or considering risking non-compliance, consider this: the principles of the GDPR are inevitably sailing their way to our shores. The requirements are so widespread and the threshold for being subject to the GDPR is so low, it is certain GDPR-compliant measures will be adopted by most U.S. companies eventually. In fact, California just entered a ballot initiative parroting many of the same measures instituted by the EU’s GDPR.

The difficulty with the GDPR is that, in every single case, compliance is impossible without a thorough audit of a company’s data processes. Some businesses were not built in a way where this is even remotely practical. Some companies will need to rewrite some of their most basic software and systems to be able to comply with the requirements.

Finally, unfortunately for us lawyers, GDPR compliance cannot be achieved by clever privacy policy drafting alone.

But, as with anything, the first step in solving a problem is realizing you have one. If you’re a small or medium-sized company ready to take the steps necessary to become GDPR-compliant, let us help you.

Christina Saunders