24 May 2018

MAY 25, 2018 GDPR Penalties: May Be Significant And So Here Are 10 Things You Should Know

Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.

My friend Zack Warren (Editor-in-Chief of Legaltech News) recently wrote at Law.com that "While the maximum penalty of the greater between $20 million or 4 percent of an organization's annual revenue may not be widely applied, compliance will still be expected for all organizations that touch EU citizens' data in some way." The May 14, 2018 article, entitled "10 Things You Should Know Before the GDPR Deadline Is Here," included these comments under #9, "But the Work's Not Done":

Although many in-house counsel are aware of changes that need to be made, those changes still need to actually be implemented.

An Association of Corporate Counsel report released in early May looked at what still needed to be done.

Some 47 percent of respondents reported that, in order to comply with GDPR, they must change data security standards.

Meanwhile, 45 percent said they must change their breach notification procedures to do so, and 43 percent said they need to modify incident response plans.

This is particularly pressing in the health care and financial services sectors, where a separate April survey found that 7 percent of health care companies said they are unlikely to be fully compliant by the deadline, while 3 percent of financial services companies reported they haven't even begun the process to do so.

Here are all 10 things you should know:

  1. The Basics
  2. A Legitimate Interest
  3. The Issue of Consent
  4. The Data Protection Officer
  5. Your Employee Data
  6. Ensuring Insurance
  7. Firms Doing Double Duty
  8. ALSPs to the Rescue
  9. But the Work's Not Done
  10. A Marathon, Not a Sprint

Lots of companies are working hard to be in GDPR compliance, and some are only watching... so it will be interesting to see how GDPR changes the world on May 25!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
