The EU’s General Data Protection Regulation (GDPR) came into force on May 25, 2018. The GDPR imposed new and significant obligations on businesses operating both inside and outside the EU, and stiff penalties for non-compliance.
The GDPR affects every business and public body that processes the personal data of EU residents, including:
- Every employer in the EU
- All businesses that offer goods or services to individuals in the EU or that monitor their behavior, including companies that have no presence in the EU
- All businesses that process the personal data of EU individuals on behalf of other businesses
Our data protection experts have assisted small to medium enterprises (SMEs), multinational companies and global organizations to understand and implement practical approaches to meet the challenges and opportunities that the GDPR presents.
How We Can Help
- Gap analysis – Assessing current practices against the GDPR requirements, identifying gaps, developing a streamlined work plan to address those gaps and providing comprehensive templates that will enable your organization to efficiently address compliance issues
- Data mapping – Assisting to create a record of your processing activities, as required by the GDPR
- Data protection officer (DPO) – Advising on compliance with new mandatory DPO requirements
- Data transfers outside the EU – Advising on and implementing appropriate data transfer solutions
- Consent – Reviewing existing consents, advising on alternatives to individual consent for processing and, where necessary, implementing mechanisms for obtaining explicit data subject consents
- Notice – Reviewing and redrafting privacy notices to include the new mandatory information required by the GDPR
- Vendor compliance and management – Developing template vendor agreements to address GDPR requirements and manage risk within your organization, including key provisions, such as data ownership, liability for breach of data protection or security requirements and notification requirements for a security incident, and reviewing or revising existing contracts
- Data subject requests – Developing systems/processes that will enable your organization to respond to access, erasure and portability requests in the manner and within the timeframe stipulated in the GDPR
- Data protection impact assessments (DPIAs) – Evaluating whether processing qualifies as “high risk” and, if so, developing appropriate DPIAs, and assisting you with any consultation with the data protection authority required
- Data incident response – Creating a robust data breach response plan that will help your organization meet the 72-hour notification deadline
- Privacy by design – Advising and assisting in developing procedures relating to privacy by design and by default
- Security assessments – Assessing the adequacy of your security controls and the arrangements with your service providers/processors, including providing security compliance checklists
- Email marketing/cookie policies – Advising clients on the development of email marketing campaigns and cookie policies/consents for compliance with EU privacy laws
Why Choose Us
- Our global footprint allows us to provide assistance in the jurisdictions where you do business
- Our experience advising numerous SMEs, multinational companies and global organizations with GDPR compliance will translate into efficiencies for your organization
- Our commercial knowledge allows us to help you manage your data to leverage its value while meeting your compliance obligations
- With deep roots in the EU, we are able to assist you in developing good working relationships with EU data protection authorities (DPAs) and other regulators
- Our well-connected EU Public Policy team can help you have a voice as regulations and regulatory guidance continue to develop