We’ve been hearing for months about the ramifications that the EU General Data Protection Regulation (EU GDPR) will bring to all companies that do business in the European Union, now that the May 25 deadline has come and gone. But it’s less clear how these will affect small and midsize businesses (SMBs). What is clear is that the penalties for non-compliance will be severe for companies of all sizes. But how can those that don’t have millions of dollars in revenue prepare for this change without making drastic upgrades like hiring a compliance officer?

When you think about it, a significant element of GDPR focuses on cybersecurity. It aims to make companies accountable for how they access and handle a customer’s personal data. The fear of a cybersecurity incident was already high for companies, but it has become even more worrisome when you consider that a data breach violation under GDPR could result in a fine as high as millions or four percent of annual turnover. For SMBs, that cost is business ending. One way for SMBs to handle the new compliance requirements is to think of GDPR as another step in their cybersecurity protocol, one that puts their businesses and customers first.

There are specific steps SMBs can take to ensure they are compliant with the regulation. A few of the most important include:

Have a data process in place

Understand what you are collecting, how you collected it and with whom you are sharing that data. Also, take the time to evaluate the data that you are collecting from your customers and decide whether, under the new regulation, it’s still necessary that you collect and keep that data.
The responsible collection of data is the reason GDPR was created, so it’s now critical that your process is obvious to your employees and your customers to ensure compliance.

Be able to share that data process with customers

Under the new regulation, consumers are able to ask that certain information is not collected or shared. Be prepared to receive these types of requests by having a customer’s data ready to share with them should they ask. More importantly, be prepared to do this in a timely manner. You now only have one month to meet these requests, but if your data process is efficient, you should be able to do this much faster.

Establish your company’s “lawful basis” for data processing

Offering opt-out data sharing options is no longer good enough under the new regulation. Instead, GDPR requires that you establish a “lawful basis” for processing a consumer’s personal data. This means that you need to have options that allow consumers to choose how long they want their data used by your company and for what purposes that data can be used. It’s important that your customers can easily check their data selections and adjust how their data is processed should their wishes change. It’s also important that you be able to describe in great detail how the data will be used, as customers now have the option to select a narrow use of their data versus the more general use that they were used to before. Take the time to review your data use descriptions, make sure that they still accurately reflect how you are using that data, and make adjustments if you can be more specific.

Prepare for the worst – a data breach

You will now have 72 hours to notify the proper authorities that a data incident has occurred. This means that there isn’t time for you to think of how to handle this once it’s happened.
To be prepared for what seems like the inevitable in today’s world, your company needs to have an easily enacted process. All employees within the IT and security departments need to know where this process is, know whom to notify internally once they notice an incident, and then begin following said process exactly. Do not leave any room for error, as this could lead to a massive compliance fine and the loss of your customers’ trust.

SMBs are the most vulnerable to the effects of the new GDPR regulation because they don’t have the same resources or ability to hire data protection officers that large enterprises do. However, if you ensure that you are meeting the policies and framework laid out in the laws, should a data breach incident occur, the fines incurred will be less severe and will not end your business. To ensure that you do not incur expensive fines, your team must follow specific steps that show that your company is taking the collection of customers’ personal data seriously, and have extensive documentation to prove that.