
GDPR – Applicability for US SMBs

I run a small US-based business.  I don’t see GDPR ever applying to my company. Can I just ignore it?

Our clients and business partners frequently ask whether the European Union General Data Protection Regulation (GDPR) will impact their business.  To get to a valid answer, we pose a series of questions to help us determine the risk exposure, in light of the new regulation.

A recent Spiceworks survey of US businesses indicates that 57% of US companies will likely be impacted by GDPR legislation.  Unfortunately, that same study showed that only a very small percentage (9%) of IT workers have any understanding of what GDPR requires.  At SCS, we believe that, given the short timeline to implementation, US businesses must act quickly to close the awareness gap and understand the potential risks and impact of GDPR on US business practices.

When GDPR takes effect on May 25, 2018, the European Commission will protect the privacy rights of its citizens, enforcing the regulation around the world with stringent fines and penalties.  Unlike the EU Data Protection Directive, which GDPR replaces, the new regulation’s reach stretches beyond EU borders.  For US companies that collect and process personal data of EU residents, it’s time to get in line with EU privacy standards or face the consequences.  If you conduct business in Europe, or you provide services to companies that support European interests, you may be susceptible.

GDPR Fast Facts

Organizational Use Cases – GDPR Applicability

The following chart compares examples of US companies that may risk compromising privacy rights under GDPR against those organizations that face little to no exposure.  If your organization processes personal information of EU residents, you should actively prepare for GDPR.

GDPR Use Cases Chart

Determining GDPR Applicability for Your Small – Medium Business

SCS has designed the following decision tree to help you conduct a brief self-assessment to determine whether your SMB will be impacted by GDPR.  Although you may assess the personal data you currently process, you should also consider reevaluating each time a new data set is presented to you for processing.


GDPR Decision Tree


While GDPR continues to be a relatively unknown topic in the US business world, its impact will begin to be felt worldwide later this year (2018).  The lack of widespread knowledge of GDPR’s requirements, the belief by others that their US businesses won’t be affected by the regulation, and the general unpreparedness to deal with the strict requirements, particularly among SMBs, may set the stage for huge failure.

The best laid plans have already been laid.  The next best plans will be laid as soon as possible.  Contact Secure Compliance Solutions today.  We can assess your exposure and design a customized program to get you prepared for GDPR.


About Secure Compliance Solutions LLC
Secure Compliance Solutions LLC (SCS) provides a wide range of cybersecurity consulting and managed security services to small and medium sized businesses (SMB) and government agencies, fortifying their Information Security and Data Privacy programs. SCS works with its clients to tailor and implement industry-proven frameworks and standards to meet compliance goals and drive consistent security operations. We raise awareness of current security trends and risks to prepare personnel to recognize and defend against potential security issues. We implement technical solutions and controls to minimize data risks and liabilities. Our Managed Security Service provides “constant watch” against both internal and external cyber threats and attacks. At SCS, we promote a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities to keep your business up and running.