Photo of Paul McGrath

Paul McGrath advises clients across a broad range of industry sectors in all areas of contentious and non-contentious UK employment law. His practice covers all aspects of UK employment legislation and day-to-day employment matters, including appointments and terminations, employment status and worker classification issues, employee handbooks and policies, employee data privacy, disciplinary and grievance issues, and restructuring and redundancy exercises. Read Paul McGrath's full bio.

Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some entities are not yet aware of the extent to which GDPR may be applicable to them, the GDPR expressly applies to organisations established outside the European Union that offer paid or free goods or services to EU data subjects or monitor EU data subjects’ behaviour.

Within this article, we review steps for a risk based, prioritization approach to GDPR compliance and how companies can adjust their policies and practices on a pragmatic basis to help ensure compliance.

Continue reading.