GDPR Compliance Task Force

Womble Bond Dickinson
Contact

7 Months To Go

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

The Directive did not regulate US businesses unless the collection or processing occurred within the EU (e.g., if a US-based company had a data center in the EU). Now GDPR clearly has stronger extraterritorial reach than its predecessor.

Businesses collecting and using personal data should know their GDPR obligations. Violators of GDPR face steep penalties. Regulators can fine a company up to 20,000,000 euros or 4% of worldwide annual turnover, whichever is higher.

Follow our three-question flowchart to see if GDPR applies to your company.

GDPR Flowchart

ARE YOU REQUIRED TO DESIGNATE A DATA PROTECTION OFFICER?

Follow our three-question flowchart above to see if GDPR applies to you.  If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies. 

Follow our five-step flowchart below to see if you need to designate a DPO:

GDPR Designate DPO

A major change with the GDPR is that data processors now have direct legal obligations under EU privacy law. This is a significant shift from the current EU Directive which only directly obligates the data controllers. Non-compliant data processors face significant fines of up to 4% of global annual turnover or 20,000,000 euros, whichever is higher and may be directly liable to individuals for damages. 

If the GDPR applies to you, review our checklist below summarizing the data processor’s obligations.

GDPR Checklist

Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. 

GDPR Vendor checklist

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Womble Bond Dickinson | Attorney Advertising

Written by:

Womble Bond Dickinson
Contact
more
less

Womble Bond Dickinson on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.