A 6-Step GDPR Checklist for U.S. Businesses

The European Union's GDPR (General Data Protection Regulation) is going into effect on May 25th. Is your business ready?

I know what you're probably thinking: "My business is here in the U.S.," but the reality is, the GDPR is going to impact any business that handles the personal data of EU citizens. And with the coming summer months expected to be a busy international travel season, your business will more than likely get its fair share of EU customers.

To protect your customers and your business, your data protection practices need to be tightened up by May 25th. To get you on track to meet this deadline, we've created a handy GDPR prep checklist that'll walk you through the process.

Audit existing data
To comply with the GDPR, you'll need to start by running an audit on your business's data. This means you'll need to examine what type of personal data you're storing, how you're storing it, why you're storing it, and who's in charge of keeping it secure.

Update privacy policies
Has your inbox been inundated with privacy policy updates recently? The GDPR requires businesses to notify their customers about how they secure and use customer data. For more information, please visit GDPR article 28.

Control employee data access
Control who in your business has access to your data. Implement data security procedures across teams and make sure each employee understands that the business's data is only as safe as the weakest password.

Ensure total transparency
As you're storing your customers' data, it's their right to know how you're using it. Your website needs to state explicitly the how, where, when, what and why of your data practices.

Implement a data breach plan
The GDPR states that all cyberattacks must be reported within 72 hours. To comply with this new law, draft and implement a data breach plan. This should include data lockdown procedures, password changes, customer notification, and insurance agent notification.

Acquire cyber insurance
Given the hefty non-compliance fines, cyber insurance is an important, final step in preparing for the GDPR. Cyber insurance offers crisis management services, lost income reimbursement, legal support, and more.

Use the GDPR as an opportunity to leverage customer data more productively and nurture stronger customer experiences. In doing so, your business will generate longer-term loyalty and a healthier bottom line, all while maintaining compliance. For more information on the GDPR, and how it's going to impact your U.S. business, please read our article "3 Ways the EU's General Data Protection Regulation Will Affect Your Business."

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375