
GDPR is Coming - Learn What You Need to Know

by Liam Collins
March 19, 2018

Don't get burned by the new GDPR rollout. U.S.-based companies aren't exempt; here's what you need to know about your risks and how to prepare.

What You Need to Know About GDPR

GDPR, or the General Data Protection Regulation, is coming and is being called the biggest change to data security in the last 20 years, which raises the question: are you ready for the May 25 deadline?

Even though this behemoth regulatory rollout is instituted by the European Union, it will affect many U.S.-based businesses. Here are some highlights to help you determine if these regulations impact your business, and if so, how you can prepare.

Is Your Company at Risk?

Think you're not at risk because GDPR is just for companies located in the EU? Think again. Companies do not have to have a physical location in an EU country to be impacted. If your company provides services to, stores the personal data of, sells to, conducts targeted marketing to, or contracts through third parties to do targeted marketing to residents within any of the 28 EU countries, then the new GDPR rules (and the risk of fines) apply to you.

In addition, being compliant with the EU-U.S. Privacy Shield framework will not fulfill GDPR requirements. The new GDPR has a much wider scope than the EU-U.S. Privacy Shield, and companies that do business, collect data, or market to EU residents will have to comply with GDPR.

Compliance is compulsory, and the penalties and fines are severe (up to 4 percent of annual revenue). If your U.S.-based company meets the criteria above, the deadline to comply is quickly approaching.

4 Steps You Can Take Today

Here are four steps you can take now to prepare your company for compliance.

  1. Assemble a team to evaluate data flows and scope.
    Consultants or internal teams should review data flows to determine where data is being stored, processed and exported. From there, companies can identify which processes and vendors are non-compliant and develop an action plan to shore up these areas. Marketing teams and contractors should also ensure that web forms and disclaimers are brought up to compliance.
  2. Document that personal information is kept private.
    There are many automated solutions that can streamline this entire process and capture key data points such as:
    • What personal data do you store?
    • Where is this data stored?
    • How is this data used?
    • Who has access to this data?
  3. Prepare for data breaches.
    Institute a plan to:
    • Detect data breaches.
    • Investigate them.
    • Report the breaches within 72 hours.
  4. Document compliance steps and develop new processes.
    Institute a plan to:
    • Document a Data Protection Impact Assessment.
    • Develop and implement processes to respond to the numerous rights of EU citizens with respect to their data, including the "right to be forgotten," the "right to restrict processing," the "right of rectification," etc.

GDPR is complex, but to simplify this topic and give you actionable items, we've focused on who's at risk and outlined four steps you can take to prepare.

For more in-depth information, below are some additional articles you may find useful. As always, don't hesitate to reach out to the Armanino team if you need help with GDPR compliance.

CSO Online: General Data Protection Regulation (GDPR) Requirements, Deadlines and Facts

Forbes: Yes, the GDPR Will Affect Your U.S.-Based Business

Author: Liam Collins, Partner, Audit, San Francisco CA, Armanino