to main page send e-mail Last Updated:  Monday, June 1, 2020
The original Maxi Mover - low floor 3.5T Luton van sales

The independent voice of the global moving industry


Understanding GDPR and compliance tips for US-based businesses

Jan 15, 2019
Brandi Thorne from Aires provides some guidance to help US-based companies get to grips with GDPR.

Understanding GDPR and compliance tips for US-based businesses

GDPR – four letters that have been a major topic of discussion for businesses since the end of 2016. But, what is it exactly? Schellman & Company, one of the top leaders in the US compliance industry, wrote a comprehensive blog post dedicated to demystifying this topic.

According to their post, the General Data Protection Regulation (GDPR) has been in effect since May 25, 2018 and was designed to uphold personal information rights of individuals and further unify the member states of the European Union (EU) in their endeavour to manage and protect data. So, the goal is to protect the information of EU citizens. Seems pretty simple, right? Well, not exactly. How GDPR affects US-based businesses is an even bigger conversation and deserves further exploration to understand the rules for compliance.

The United States is directly affected by GDPR because this privacy law is applicable to any business in the world that works within the European market. The data breach notification requirements are more stringent and will require that most US companies amend their policies to be compliant. 

Naturally, the next question is how a US-based business becomes compliant? It is recommended to visit an official site, such as, to learn about the process to become GDPR compliant. Since most of us are looking for straightforward points on how to do anything these days, Maureen Data Systems (MDS) summarizes GDPR compliance by asking these five questions:

  1. Where does your data live? Where you store data and its relevancy to GDPR is very important. Applicable data could be in several locations within your business.
  2. How do you take action? Once you have located your data, you can take action on how it is shared. You should delete ROT (redundant, obsolete and trivial) data.
  3. What is the current policy? The next step is to decide how you will handle the information. Consider the type of data you collect as well as how you handle and hold information. Storage of data and the length of time are a part of your policy review as well.
  4. Is your data securely stored? Ensure that your data security is positioned for success. It is recommended that you have an ambassador for your security programme to ensure that all systems are secured – especially with recent increased threats for cyber-attacks.
  5. Can you provide reporting? Ensuring a business is compliant means reporting should be provided to show regulators all steps that are being taken to meet the GDPR requirements.

Penalties and fines associated with this regulation can be in excess of 20 million euro or 4% of your company’s net income. So, take action! The sooner you invest in these compliance measures the better for your clients – and your business!

Brandi Thorne
Photo:  Brandi Thorne, Aires


     Click here to send us your stories
     20,615 page views April 2020
     List of advertisers
     Directory of suppliers
ISS Relocations: UAE, Oman, Qatar, Bahrain, Kuwait and India
Cookies: This site uses non-invasive cookies to provide an enhanced visitor experience and to measure site performance.  By viewing this website you are agreeing to our use of cookies in this manner.  For further information on how cookies are used on this site, please see our privacy policy.
Privacy Policy  |  Terms of Use  All material © 2011 The Words Workshop Ltd.