General Data Protection Regulation Attorney
The General Data Protection Regulation (GDPR) took several years to draft and was designed to protect the personal data of EU citizens. The processing, storing, sharing, indeed even saving of such data, is now regulated by 173 recitals and 99 articles on 88 pages.
The GDPR went into effect May 25, 2018, but the world is not done with regulating privacy yet. The EU is already planning follow-up regulation(s), designed to plug any holes left by GDPR and other countries are planning to issue their own rules and regulations pertaining to their citizens’ personal data, as well. These future regulations may/may not work in tandem with the GDPR, requiring companies that operate on a global scale to further define their systems and processes to ensure compliance with all regulations applicable to them.
If you do business with the EU, GDPR probably applies to you. In general, the GDPR requires privacy for EU natural persons’ personal data, both by design and by default, and declares protection of that data a fundamental right. Any violation of a citizen’s fundamental rights may be met with extremely severe penalties, as set forth in GDPR.
The Internet is full of various “Top 10” lists of key GDPR compliance elements, many of which do not agree with each other. To ensure your company fully complies with GDPR, the specifics of how and where you do business should be examined by a GDPR attorney fully versed in all aspects of the GDPR, as set forth in the Regulation, rather than attempt to rely on any given shortcut.
As the GDPR is still fairly new, how and when compliance issues will be tested by a tribunal remain to be seen. Enlisting the assistance of a GDPR attorney to help ensure your company’s compliance with each of the GDPR provisions may help you avoid penalties and/or mitigate a non-compliance complaint.
Contact Susan Larsen for help with GDPR!