GDPR Compliance

There are Major Ramifications in Regulations That Impact How Businesses Operate.

GDPR Compliance for US Companies

GDPRAs the world moves towards a more encompassing digital age, an increasing number of companies collect and use customer data. Such data is protected by various regulatory requirements, which set guidelines (and, most often, strict rules) for how the data can be collected, processed, and protected. One of the most stringent legal frameworks dealing with data protection and security is the General Data Protection Regulation (GDPR).

Passed by the European Union (EU) in 2016 and in effect since 2018, the GDPR requires compliance not only by companies based in the EU, but any entity that handles the data of EU persons. Many US companies can be required to comply with the GDPR. Failing to meet the compliance requirements can have serious repercussions, which is why our team at CDG is ready to help with GDPR standards.

Data Protected by the GDPR

A US business or company will have to meet compliance requirements per the GDPR even if the entity’s operations are not solely based in the EU. For example, the provision of goods and services to customers in an EU member state will trigger compliance requirements. Furthermore, if a business can access or processes any personal data of EU customers, it will be required to comply with the GDPR.

GDPR Regulatory Framework

The GDPR regulatory framework deals with the protection of personal data. Said data can include, but is not limited to, names, gender identification, physical and online location data, email addresses, home addresses, political opinions, and cookie information. Essentially, personal data is any sort of information that can identify a person. The GDPR compliance requirements are in place to ensure businesses process and store personal data in such a way that meets data protection principles of accountability, transparency, and confidentiality, among others.

Avoid a Data Breach Event and GDPR Fines:

Complying with the Requirements

For a US company, the first step should be to analyze whether its operations include the processing of personal data for persons in the EU. Certain companies may be required to appoint a data protection officer as well, whose duties have been delineated by the GDPR. Other aspects of compliance pertain to consent, data processing agreements and standards, and the use of appropriate tools and applications.
The GDPR has enforcement mechanisms in place that meet non-compliance with strict fines. To prevent that outcome, our experienced team at CDG will help with the creation of standards and programs that meet all compliance and regulatory needs.

Cyber Defense Group

Cyber Defense Group specializes in Incident Response and Security Engineering, enabling agile businesses to operate at speed. We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.

If you are interested in learning more about how we can help with GDPR Compliance, please call us or fill out the contact form provided. We look forward to helping you.

Security Compliance Types


ISO27001 is an international standard for information security, published by the International Organization for Standardization. Organizations that meet ISO27001 criteria can be certified against the standard to demonstrate their ongoing commitment to data protection and information security.


SOC2 was developed by the AICPA for managing customer data based on “trust service principles”. SOC2 is primarily used for companies operating within the United States.


CMMC is a standard for organizations in the United States which work with the Department of Defense (DoD). The CMMC covers the cybersecurity controls for Confidential Unclassified Information (CUI).

NIST 800-53

In order to prevent mass variance, the National Institute of Standards and Technology (NIST) – a non-regulatory part of the Department of Commerce – constructed a set of standards for all federal agencies to follow: the NIST Special Publication 800-53.


The Health Insurance Portability and Accountability Act is a US law enacted in1996 which governs the data protection and privacy of health records.


The European General Data Protection Regulation is a data protection and privacy regulation for EU citizens. Any company operating within the EU borders must conform to this regulation.


The California Consumer Protection Act is a California data protection and privacy law for residents of California. Most companies which hold information on California residents are subject to this regulation.

CIS 20

The CIS 20 is a list of 20 actions and practices an organization’s security team can take on such that cyberattacks, or threats, are minimized and prevented.

Protected Clients

We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.

Contact CDG

We mobilize and launch a complete investigation of any suspected incident within 24 hours.

Incident Response

If you have been the victim of a cyber attack, contact us right now.

EU GDPR | European Union General Data Protection Regulation | GDPR | General Data Protection Regulation