Last month's QuickLaunch University webinar focused on European data privacy legislation and more specifically, the ambitious General Data Protection Regulation (GDPR) that goes into full effect on May 25, 2018. WilmerHale Partners Dr. Martin Braun and David Gammell discussed the key issues that emerging companies should consider as they prepare to comply with the new requirements. Here are a few things you need to know to prepare for the GDPR today:
- Understand the definition of "personal
data." Personal data includes name, email, and
telephone numbers for example, but under the GDPR it can also
include IP address or device ID. The GDPR also applies to other
types of data subject to additional protection, such as health
data, sexual orientation and racial background, if it can be
attributed to an individual.
- Document your data. Under the GDPR, the entity
controlling the processing of personal data needs to be prepared to
demonstrate compliance with the requirements, which is called the
accountability principle. Understand your systems and the type of
data you have, and document who has it, why they have it and who
has access—this is a crucial preparation step.
- Communicate. We expect to see many updated
website terms and conditions and privacy policies over the next few
months. Review your current policies, including those related to
consent, and assess whether any changes are required before May
2018.
- Make data privacy a boardroom issue. Fines for noncompliance with European data protection regulations will increase dramatically under the GDPR and your ability to comply with the GDPR may affect how investors view your company. Ensure that everyone in your organization understands the company's obligations and the steep risks associated with noncompliance.
WilmerHale's Privacy and Cybersecurity Law Blog is a resource for updates on US and European data privacy regulation. Read the most recent GDPR update, " The Article 29 Working Party Releases Draft Guidelines on the Application and Setting of Administrative Fines."
To learn more about GDPR preparation for startups, listen to our webinar recording or download the webinar materials, and follow our Launch blog for key takeaways on other topics relevant to the startup ecosystem.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.