GDPR Compliance Services

GDPR imposes a long list of requirements on businesses that process data. They include:

  • Applying privacy and security by design and by default
  • Ensuring data minimization
  • Establishing a legal basis for handling data
  • Providing detailed privacy notices (transparency)
  • Preserving the rights of individuals to access, correct, delete and port their data
  • Providing 72-hour data breach notification
  • Appointing a data protection officer (DPO)
  • Conducting a data protection impact assessment (DPIA)
  • Entering into data processing agreements with processors

Because many U.S.-based and multinational companies have never needed to deal with many of these issues before, GDPR created a host of compliance challenges for those that do business in Europe. Fines for failure to comply can be steep, reaching up to 4% of global revenue.

Fox Rothschild’s experienced Privacy & Data Security team works with clients to assess their GDPR exposure and design policies and procedures to mitigate risks. We use our detailed knowledge of EU data protection law, coupled with our understanding of the unique challenges it poses to U.S.-based corporations, to create pragmatic, actionable, tailored plans toward GDPR readiness.

Our services include:

  • Compliance assessments
  • Advice regarding structuring and documenting cross-border data transfers
  • Privacy by Design
  • Review and negotiation of third-party agreements
  • Employee privacy training
  • Drafting or revising privacy notices
  • Legal basis analysis
  • Data protection impact assessments
  • Drafting policies and advice regarding accommodation of data subject rights
  • Data mapping