What is GDPR and why should you care?

GDPR is an acronym for General Data Protection Regulation, and it will impact the way that we share and use data for business purposes in the United States, as it relates to data coming from the EU. As privacy becomes an increasingly prominent topic of discussion, organizations should stay ahead of the curve, not only to protect the private information of stakeholders, clients, and employees, but also to protect their business from the legal liabilities that come with having access to and sharing that kind of information.

Is GDPR a concern for your company?
Here’s a quick way to find out:

1. Does your company have any locations in the EU that collect, receive, transmit, use, store, or otherwise process personal data? (The processing does not have to take place in the EU.)


No -> Move to #2

Personal data means information pertaining to the identity of an identifiable person. A person can be identified from information such as a name, ID number, location data, an online identifier like an IP or MAC address, or other specific factors.

2. Does your company offer goods or services to individuals in the EU (paid or free)?


No -> Move to #3

The offer must be more than internet access (shipping products to the EU, offering services to the EU, accepting payments from the EU).

3. Does your company monitor behavior of individuals in the EU?


No -> GDPR probably doesn’t apply. If in doubt, ask us!

Monitoring is the tracking of individuals on the internet and any subsequent use of the data to profile them.

When do the new regulations take place and what are you supposed to do about it?

These regulations already exist in the EU, and are coming to the United States on May 25, so…soon! It’s a long and fairly complex piece of legislation that lays out everything that needs to happen regarding your organization’s use of data coming to and from the EU, with no roadmap as to how it should happen. Oh great, right? Don’t stress…that’s where we come in.

Most organizations have implemented some security measures and privacy regulations, but the extent to which they have kept up with technology security, and where they might be most vulnerable (and liable), varies across the board. The only way to find out for sure is to allow the experts to assess your current environment (we call it your Security Posture).

Small to medium-sized businesses are the most likely to be affected, as larger organizations typically have the budget and bandwidth of resources to stay on top of these issues well in advance. But let’s face it, that is not realistic for most SMBs.

What does SMBHD do to prepare companies for GDPR?

SMBHD offers a FREE Maturity Assessment, which asks specific questions about your place of business that can help us identify the gaps in your Security Posture. Once confirmed, we work with you to set a reasonable, executable plan (within budget) to remediate those issues and get you compliant.

Maturity Assessment

After answering some questions, you’ll receive a Maturity Report which gives you a final score. Once this happens, you’ll be assigned a team member to consult with your organization and prepare for next steps, based on where your weaknesses and liabilities currently exist. We’ll then work together on how those issues can be mitigated, step by step.

What happens next?

Phase 1: We’ll further ASSESS your environment and design the right approach.

Phase 2: We’ll IMPLEMENT the approach and transform your technological environment.

Phase 3: We GOVERN your technological environment to ensure adherence.

Phase 4: We’ll SUPPORT your ongoing efforts to stay updated and compliant.

For more information regarding GDPR compliance, or to have a conversation with one of our experts, click here and fill out the form for a FREE ASSESSMENT!
