What Is The Impact Of GDPR On U.S. Businesses?

Last week, we explored GDPR – an acronym you’ve probably heard once or twice (or 50 times) over the past few months. Today, we’re going to look at the impact of GDPR on U.S. businesses. But first, if you didn’t catch our article, here’s a brief refresher:

  • GDPR stands for General Data Protection Regulation
  • GDPR is a set of strict rules that gives citizens of the European Union more control over how their personal data is collected and used by companies
  • GDPR impacts any company that has consumers in the EU


At its core, GDPR’s goal is to protect EU citizens’ data. Since data can be transmitted and shared across countries, and indeed across the globe, any company that has consumers located in the EU is subject to GDPR, no matter where the company is located.

If your company’s client or customer database includes contacts in the EU, you’ll want to do two things immediately:

  • Look into how your company is handling consumer data protection. We’ll look at ways to ensure you are GDPR-compliant in a future article.
  • Keep reading to understand how GDPR can impact your business.

How Can GDPR Impact My Business?

Here in the U.S., many of us have become accustomed to businesses leveraging consumer data for a variety of reasons – most commonly, to fine-tune targeting and boost revenue.

Essentially, this entire concept has been turned on its head in the wake of GDPR.

While GDPR won’t impact the way your business interacts with U.S.-based consumers, it will impact you and any company that offers products or services to citizens of the EU.

What Is The Direct Impact Of GDPR?

Bottom line: Businesses that fail to adhere to GDPR face stiff penalties – the largest to ever be put into place since the dawn of digitization. How large? Whichever is greater: up to 4% of your annual global revenue or 20 million Euros. Seriously.

What Is The Indirect Impact Of GDPR?

Monetary penalties aside, GDPR has far-reaching implications for how businesses engage with consumers. GDPR ensures EU citizens have a new series of unequivocal rights, including but not limited to the right to:

  • Be informed before any of their personal data is gathered
  • Access their personal data from your database
  • Ask you exactly how their personal data is being used
  • Have their personal data transferred from one service provider to another
  • Have their personal data amended or updated
  • Be informed if there is ever a breach that compromises their personal data
  • Request that their personal data be maintained but not used
  • Request that you stop using their personal data at any time
  • Request that you delete their personal data

Did any alarm bells go off while reading that list? That’s because nearly all of these rules can have a significant impact on the ways in which you market to potential or existing customers and clients.

Complying with GDPR requires much more than some IT tweaks or the addition of a few disclaimers to your website. Based on your current marketing operations, your company may be looking at a complete overhaul of tactics and strategy. (We’ll dive more deeply into specific GDPR compliance tips in the future.)

But one thing you can do to prepare is to assess your existing databases to get a sense of what kinds of personal data you already have on your consumers. Data protection software like Avexta’s DataSense is a great place to start.

DataSense can quickly and thoroughly scan your servers for personally identifiable information, including Social Security numbers, birthdates, passport numbers, IP addresses, and other types of data.

Interested in learning more? Find out how Avexta can help you meet your GDPR requirements.