Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some entities are not yet aware of the extent to which GDPR may be applicable to them, the GDPR expressly applies to organisations established outside the European Union that offer paid or free goods or services to EU data subjects or monitor EU data subjects’ behaviour.

Within this article, we review steps for a risk based, prioritization approach to GDPR compliance and how companies can adjust their policies and practices on a pragmatic basis to help ensure compliance.

Continue reading.

Print:
EmailTweetLikeLinkedIn
Photo of Romain Perray Romain Perray

Romain Perray has extensive experience in data privacy and data protection law, and lectures on these subjects in Master of Law classes at the University of Paris-I Panthéon-Sorbonne, the University of Paris-II Panthéon-Assas and the University of Paris V Descartes. He advises on…

Romain Perray has extensive experience in data privacy and data protection law, and lectures on these subjects in Master of Law classes at the University of Paris-I Panthéon-Sorbonne, the University of Paris-II Panthéon-Assas and the University of Paris V Descartes. He advises on the full range of data protection and data security for clients in life sciences, automotive, insurance, e-commerce, leisure, social networks and even the public sector, especially in the context of smart cities projects. Read Romain Perray’s full bio.

Photo of Paul McGrath Paul McGrath

Paul McGrath advises clients across a broad range of industry sectors in all areas of contentious and non-contentious UK employment law. His practice covers all aspects of UK employment legislation and day-to-day employment matters, including appointments and terminations, employment status and worker classification…

Paul McGrath advises clients across a broad range of industry sectors in all areas of contentious and non-contentious UK employment law. His practice covers all aspects of UK employment legislation and day-to-day employment matters, including appointments and terminations, employment status and worker classification issues, employee handbooks and policies, employee data privacy, disciplinary and grievance issues, and restructuring and redundancy exercises. Read Paul McGrath’s full bio.

Photo of Mark E. Schreiber Mark E. Schreiber

Mark E. Schreiber focuses his practice on cybersecurity, data breach response and global privacy coordination. He advises entities facing cross-border data protection, Privacy Shield and related issues, strategic decisions, and investigations. Mark has led numerous multi-national and cross-border matters, including those involving data…

Mark E. Schreiber focuses his practice on cybersecurity, data breach response and global privacy coordination. He advises entities facing cross-border data protection, Privacy Shield and related issues, strategic decisions, and investigations. Mark has led numerous multi-national and cross-border matters, including those involving data breaches, and has advised senior management, boards, and special board committees on a variety of investigations, including data breach prevention and response. Mark is a leader of the Firm’s Global Privacy and Cybersecurity practice. Read Mark Schreiber’s full bio.

Photo of Michael G. Morgan Michael G. Morgan

Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches…

Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan’s full bio.

Photo of Ann Killilea Ann Killilea

Ann Killilea focuses her practice on privacy and data protection, and corporate commercial matters, including dispute resolution. Ann has advised multinational clients on enterprise-level privacy assessments, policy development, cloud computing from the provider’s and the customer’s perspective, data-related vendor management, international data…

Ann Killilea focuses her practice on privacy and data protection, and corporate commercial matters, including dispute resolution. Ann has advised multinational clients on enterprise-level privacy assessments, policy development, cloud computing from the provider’s and the customer’s perspective, data-related vendor management, international data transfer compliance and online privacy policy concerns. Read Ann Killilea’s full bio.

Photo of Wilko van Weert Wilko van Weert

Wilko van Weert focuses his practice on EU competition law. He has provided first-class advocacy to corporate clients involved in high-profile international cartel investigations. He has delivered convincing cartel defense analysis and persuasive and vigorous representation of clients’ interests before the European Union’s…

Wilko van Weert focuses his practice on EU competition law. He has provided first-class advocacy to corporate clients involved in high-profile international cartel investigations. He has delivered convincing cartel defense analysis and persuasive and vigorous representation of clients’ interests before the European Union’s enforcement agencies and judiciary. Read Wilko van Weert’s full bio.