Everyone has been to a lot of presentations, read articles and evaluated the General Data Privacy Regulation (“GDPR”) – yet many questions remain.
Many companies continue to struggle with determining whether (1) the GDPR applies to them and, if so, (2) what can be done before the May 25th compliance deadline.
It is not too late to have these questions answered when working with experienced counsel who can navigate the issues at hand. For instance, possession of any European Union (“EU”) resident’s data does not necessary trigger the GDPR. Indeed, making the legal determination regarding the applicability of the GDPR can be completed largely over the phone by discussing key issues and conducting a targeted follow-up investigation. If the GDPR applies, then there are a number of high-impact but manageable tasks that can be accomplished by May 25th. Of course, waiting longer to evaluate these issues only puts businesses at greater risk for the hefty (up to 20 million Euro or 4 percent of annual global revenue, whichever is greater) non-compliance penalties that may be applicable.