Are you affected? GDPR for US companies

All businesses should take a hard look to see if and how they are affected by GDPR now that it is in effect.

GDPR (the General Data Protection Regulation) is a law governing data protection and privacy for people in the European Union (EU) and the European Economic Area. This regulation has been officially in effect since May 25th, 2018. But this law doesn't apply only to businesses in the EU; there are impacts from GDPR for US companies as well.

Our GDPR expert, John Prejean, says that any business associated with the EU needs to comply with the law. "There are serious consequences for violating the regulation," John says, "including hefty fines, up to 20 million euros or four percent of global revenues, whichever is higher." And, of course, potential damage to a company's reputation.

GDPR For US Companies: Is Your Business Affected?

Any US company with a connection to the EU (including subsidiaries, customers, and suppliers) must comply with the regulation. It’s important to take a deep look into your customers and suppliers, in particular, to see if they are tied to the EU. In this global economy, it’s simply not safe to assume you’re unaffected.

In A Nutshell, What Does GDPR Cover?

GDPR is all about data protection and privacy. Basically, it requires businesses to know and document where their data is stored and how and where it moves. "Outside the need for GDPR compliance, this foundational requirement is extremely valuable to the organization," John says.

You've probably noticed more and more websites asking you to opt in or out of allowing the site to set cookies. This is in response to one of the main components of the GDPR: consent. Clearly defined consent is required for all GDPR-affected businesses, but it also helps to gain customer confidence.

Why GDPR Is Important For US Companies, Regardless Of Regulation

Even if your business has no ties to the EU and the GDPR does not affect your business directly, it can still be helpful for your company. It's unwise to view the GDPR as a big, scary, negative change. Many businesses can benefit from following GDPR practices!

John says that the fines for breaking the GDPR law are "only part of the cost the business would incur with a data breach". He explains that GDPR gives investigative powers to the Member States' supervisory authorities. These authorities may discover the breach themselves, but it is more likely that a third party would report a breach or submit a complaint to the authorities. Companies are obligated to comply with requests from authorities for GDPR-related compliance information.

Having a data breach isn't cheap. There is the cost of finding the breach in the first place. Then there are the post-breach costs: any business lost due to the breach and any litigation expenses. Having a data breach is not good for business, regardless of GDPR.

How To Comply With GDPR Regulations

As John says, most of the stipulations in GDPR for US companies are just good, solid business practices. Really, it shouldn't be totally new to a business, as there should already be some data security and privacy measures in place. We like to think of it more as an opportunity to make data security part of the company culture. Shoring up your data security and privacy practices has many benefits, including saving money, resources, and your reputation.

When we're working on GDPR compliance, the first thing we do for a client is a full risk assessment. This includes evaluating staff, processes, and technology. It allows us to identify any holes in the process and determine the associated risk. Knowing these weaknesses is half the battle! From there we can create a plan to address any compliance and security issues. This gives us the ability to work with the business to prioritize the timing and resources needed to become compliant.

Should A Novice Try To Comply Alone?

In the grand scheme of things, the concepts covered in GDPR for US companies are pretty simple and easy to understand. The main difficulty we find with most compliance clients is the identification of vulnerabilities in their processes. It can be difficult to seek these out without a trained eye, let alone correct the problem. Seeking expert help can save a lot of time and money.

Data protection is so important to us that we created a basic set of data protection principles ready to plug into a business. We also ensure that compliance becomes part of the company culture. To do this, we always hold training sessions with our clients to help staff members understand the importance of their role in maintaining compliance. We usually find there is a misconception that being compliant is a one-and-done exercise, but a major component is a shift in culture. This is one reason why ongoing training is one of the most critical areas to get right.

Whether or not you need to worry about GDPR for US companies, data protection and privacy are critical business practices. In some ways, we can thank the GDPR for forcing many companies to think about how they're using data while doing business. Data security affects all the people in an organization, from accounting to sales to legal and IT.

Need help getting your data security on point? Let’s talk about different solutions for your business.

Create an emergency preparedness plan for your business

When disaster strikes, the last thing you should be worried about is how it will affect your business.

As a New Orleans IT firm, we can tell you from experience that when a natural disaster occurs, your people and your family come first. Making sure your business and IT systems have a clearly defined emergency preparedness plan ready in case of any extreme event saves you time, money, and heartache once it's over. As our IT disaster preparedness expert Charles Andrews (Andy) says, "the biggest problem is the one you aren't prepared for."

Read on to learn why you need a disaster preparedness plan and to download our FREE checklist!

Who Needs To Be Prepared For A Disaster?

Different areas of the US are more or less likely to have significant weather events that can cause an IT disaster. We’re in the heart of hurricane country, but events like tornadoes, earthquakes, and wildfires can be disastrous for businesses all over the country.

But no business can afford to skip creating an emergency preparedness plan. Even if your business is located in an area that doesn't often see natural disasters, there are still vulnerabilities. Fire, gun violence, and terrorism can all affect a business, its people, and its data.

Every potential disaster comes with its own set of challenges, but we strongly feel that it's better to be prepared for the unexpected than to do damage control after it happens. We believe every business needs an IT disaster plan integrated into its overarching disaster plan, which should address people, processes, and technology.

The First Thing A Business Should Do

First things first: you need to know your risks. Doing a risk assessment tells you the potential impact to your business of not being prepared. In our experience, the biggest issues are:

  • The business has no emergency preparedness plan in place.
  • The business has a plan, but it doesn't fully cover all three prongs (people, process, and technology).
  • The plan relies on the wrong technology or relies on recovering data in a way that isn’t in line with actual IT capabilities.
  • The plan is untested, or not fully tested.

It’s critical that your employees know their role in preparing your business for potential disasters. We often see coastal businesses focus on hurricane preparedness but neglect planning for other unexpected disasters.

Disaster Affects Every Aspect Of Your Business

When a disaster hits, very little is untouched. There are the obvious issues with the loss of sales or income from the business being down. You can also find revenue delayed if there is a disruption in the supply line, or your customers were likewise affected by the disaster. Plus, you may find yourself with a lack of cash flow as you wait for insurance to kick in.

But, it’s not just a money waiting game. You’ll likely have increased expenses from cleaning up, purchasing new equipment, recovering damaged inventory, and paying overtime if necessary. You could also experience contractual penalties if you have a major contract as a vendor or supplier. Delays in providing your product or service could breach a contractual agreement.

What’s The Biggest Weakness When A Disaster Hits?

Any physical part of your business that can be affected is going to be a huge problem. From our experience, we’ve found that the weakest link is having critical IT systems on physical servers in the office. If you have any critical applications or data saved only on a local server, you need to take the physical machine with you when you evacuate.

If that server is damaged by any physical event (fire, water, even terrorism), it can be devastating for a business. We have even seen simple events like a hardware failure, an electrical surge, or an accidental user deletion make physical servers extremely problematic.

What About Data Recovery?

Although data recovery is possible, you'd be depending heavily on luck! It's not as simple as restarting your computer. If no other backup exists, recovering data after a disaster usually costs significant money and time.

What You Should Do Instead

We firmly believe that you shouldn’t have a physical server on-site that houses your critical systems. Andy says that off-site backups are by far the best step to take when protecting business data. For such a significant safety measure, off-site backups are an easy and inexpensive process to implement.

Keep It In The Cloud

Utilizing the cloud makes off-site backups easy. Systems are stored in specialized facilities (data centers), and most data centers have off-site redundancy. This means your information is stored on multiple servers in different locations, which keeps your data safe even if one server goes down.

This is also important for businesses with multiple office locations. Having multiple on-site servers can be a huge risk if a disaster hits. In order to protect your data, you would need to set up failover between locations, which can be expensive to implement. Plus, these systems need to be constantly monitored and routinely tested to ensure that they're working. Using the cloud avoids having a server down at one location affect all the others, and eliminates a lot of these challenges.

We Know From Experience

Over 10 years ago, Hurricane Katrina forced us to put our own emergency preparedness plan into action. We had to take the servers holding our critical systems with us, which taught us just how important it is to use the cloud. Those precious hours you have to prepare need to be spent on family and your own personal belongings, not hauling servers. After Katrina, we became early adopters of cloud technology, and we've used it ever since. We store everything in the cloud, including all of our client documentation, automated monitoring systems, and service call systems.

Our Emergency Preparedness Plan

When hurricanes threaten our area, we start implementing our plan early. Our emergency preparedness plan includes two different teams. One team assists our clients with their disaster preparations, and the other focuses on our own business. We all know our roles, and we practice year-round to stay fresh and ready for any unexpected disaster.

We have created specialized programs that monitor our clients' IT systems and often correct hiccups before they become problems. This way, much of our work can run on auto-pilot for a short period of time if necessary.

Also, we use a hosted VoIP phone system and online chat. This allows us to stay in contact with our clients and our team without relying on cell service, landlines, or other local systems. Lastly, we have a prearrangement with technical resources outside our own company. This third-party service can handle our client requests while we are in crisis mode taking care of our own families.

FREE Disaster Preparation Checklist

We know just how important it is to keep your business safe. Download our emergency disaster checklist to make sure you’re prepared if disaster strikes.

A disaster can hit anywhere at any time. We know your first priority is keeping your people and your family safe through the storm. To make sure your business is kept safe too, you must have your emergency preparedness plan set in advance.

Interested in your company’s risk in a disaster situation? Let’s chat.