
IT’S NOT TOO LATE: We can help your business comply with the EU General Data Protection Regulation (GDPR)

June 14, 2018

By Devin Chwastyk, CIPP/US, Louis Dejoie, Thomas Markey, and Sarah Dotzel

Over the last few weeks, we all have been inundated with emails from merchants and websites alerting us to privacy policy changes or asking for consent to use our personal information.  Those merchants and websites are trying to comply with the European Union’s General Data Protection Regulation, which took effect on May 25, 2018.  Regardless of what steps your company has taken toward GDPR compliance, May 25 represents not the finish line, but the starting point.

If your company has taken no steps toward GDPR compliance—or if you’re not sure whether GDPR applies to you—it’s not too late.  EU regulators are expecting U.S. companies to show a good faith effort toward compliance, and the first step is determining whether your company is subject to GDPR.  If your company does any of the following, then GDPR applies: (1) markets goods or services in the EU; (2) has employees or business locations in the EU; or (3) monitors the behavior of individuals in the EU.  If GDPR applies to your company, then you face fines as high as $21 million or 4% of annual gross revenues for non-compliance.  Therefore, if you have taken no steps to comply, there is strong incentive to do so as soon as possible.

If your company has been working on its GDPR compliance program, your work is not finished; GDPR creates continuing obligations, including responding to requests from data subjects and conducting data protection impact assessments.  Additionally, the new European Data Protection Board has already issued new guidance interpreting GDPR.  Organizations must therefore remain conscious of GDPR as their business changes and technology evolves.  New guidance from regulators, initial enforcement actions, and court decisions may drastically change how GDPR affects your business.

Attorneys in the McNees Privacy & Data Security Practice Group are monitoring developments in how GDPR is interpreted and enforced.  Whatever the status of your company’s progress toward GDPR compliance, we are available to answer your questions and help your business navigate the intricacies of this sweeping new privacy regulation.

© 2018 McNees Wallace & Nurick LLC
McNees Privacy & Data Security Alert is presented with the understanding that the publisher does not render specific legal, accounting or other professional service to the reader. Due to the rapidly changing nature of the law, information contained in this publication may become outdated. Anyone using this material must always research original sources of authority and update this information to ensure accuracy and applicability to specific legal matters. In no event will the authors, the reviewers or the publisher be liable for any damage, whether direct, indirect or consequential, claimed to result from the use of this material.