Photo by Fernando Arcos from Pexels

Aug 8, 2018

How GDPR Impacts American Businesses

There is no doubt that the General Data Protection Regulation (GDPR) has generated buzz in the business world since its May 2018 release. In a nutshell, the European Union enforced the GDPR to protect Euro-citizen data that digitally transmitted. Individuals, companies, nonprofits, and anyone else must comply with the GDPR when selling to or monitoring EU citizens.

Examples of GDPR laws set forth include:

  • Anonymizing any private data
  • Obtaining consent when processing personal data
  • Providing data breach notifications
  • Safely transfer data across the border

How to Ensure GDPR Compliancy

The GDPR applies to all companies, all industries and all countries that have EU ties. Not obeying GDPR rules has consequences. Administrative fines are issued based on severity, how many people were impacted, amount of damage and similar factors. This could total up to 4% of annual revenue, or 20 million in Euros. Multimillion dollar corporations may be able to afford that amount, but small business owners could risk going out of business. The GDPR is necessary to comply with even when working with one EU citizen. But unfortunately, a recent Sage survey showed that 91% of U.S. companies lack awareness of the GDPR.

U.S. businesses must be GDPR compliant when:

  • Collecting data from European citizens
  • Marketing goods or services to Europe

From an IT perspective, GDPR compliance applies to anyone from software engineers to UX professionals. An IT department must understand exactly where the data is at all times and how it’s stored and protected.

Other critical guidelines from PC Mag include:

  1. Don’t collect personal information from people from the EU. Don’t allow users to submit information through online registration or contact forms, if possible. Otherwise, create a cloud platform to store this information within EU borders. Cloud storage is useful for e-commerce companies that sell to the EU, and Infrastructure as a Service is a popular platform for configuration.
  2. Use the Privacy Shield when transporting data. This law between the U.S., EU and Switzerland defines how to properly transfer data within those countries. With the EU, it’s better to only transport data that’s required to do the job. Hiring a professional that is an expert with GDPR and can track data being transferred is recommended.
  3. Hire a Data Protection Officer. This individual helps process data in the EU and America, and should create a workflow for removing data that’s not needed anymore.


Achieving full GDPR compliance isn’t a short-term task. Businesses and their owners must work with competent attorneys and IT providers, among other key business partners. When developing a website, it’s helpful to hire an agency that understands the GDPR very well. Doubleberry Interactive fits this mold. Our IT technicians and web developers have been educated on the GDPR regulations since day one, and will deliver a fully compliant website solution. Any business that needs a website that speaks to the European market will feel secure with Doubleberry website design and programming.