The European Union’s General Data Privacy Regulation (GDPR) became enforceable in May 2018, dramatically altering the global data privacy landscape. The stringent new rules apply to many businesses that collect, process or hold the personal data of individuals located in the EU, regardless of whether they have a physical presence in Europe.
GDPR aims to protect the integrity and privacy of data that identifies individuals by increasing transparency, improving accuracy, limiting collection and giving individuals expanded rights concerning their data.
Some key GDPR requirements include:
- Applying privacy and security by design and by default
- Ensuring data minimization
- Establishing a legal basis for handling data
- Providing detailed privacy notices (transparency)
- Preserving the rights of individuals to access, correct, delete and port their data
- Providing 72-hour data breach notification
- Appointing a data protection officer (DPO)
- Conducting a data protection impact assessment (DPIA)
- Entering into data processing agreements with processors
Because many U.S.-based and multinational companies had never needed to deal with many of these issues before, GDPR created a host of compliance challenges for those that do business in Europe. Fines for failure to comply may be steep and reach up to 4 percent of global revenue.
Fox Rothschild’s experienced Privacy & Data Security team works with clients to assess their GDPR exposure and design policies and procedures to mitigate risks. We use our detailed knowledge of EU data protection law, coupled with our understanding of the unique challenges it poses to U.S.-based corporations, to create pragmatic, actionable, tailored plans toward GDPR readiness.
Our services include:
- Compliance assessments
- Advice regarding structuring and documenting cross-border data transfers
- Privacy by Design
- Review and negotiation of third-party agreements
- Employee privacy training
- Drafting or revising privacy notices
- Legal basis analysis
- Data protection impact assessments
- Drafting policies and advice regarding accommodation of data subject rights
- Data mapping