GDPR Resolved

Does GDPR Apply in the US?

Yes. GDPR (European Union General Data Protection Regulation) is a comprehensive new law protecting the data privacy of EU citizens. GDPR took effect on May 25, 2018. It consists of 99 articles and will have a sweeping impact on U.S. enterprises. It requires that all EU personal data be handled according to the GDPR Data Protection Principles. These include the famous "right to be forgotten," as well as transparency, data portability, breach notification, information security, etc. If you have a public-facing website that collects user data and operates in EU countries, it is not too late to get advice.

Legally Defensible GDPR Compliance

If your organization processes the personal data of EU citizens, you need to take immediate steps to evaluate whether your organization is impacted by the GDPR. Penalties for noncompliance are not automatic, but good-faith efforts could mitigate risk. All inquiries are completely confidential and covered by the attorney-client communications privilege. Even if you have not started mapping data, we can provide you with a top-level risk evaluation and help you get started in the right direction. It is important to document good-faith compliance efforts.

Confidential Evaluation

Start here if you already process any "personal data" on EU citizens. Any website that collects information should be evaluated. Protect your assets and reputation with the attorney-client confidentiality privilege.

Legal Protection

If the GDPR applies to you and you are not fully compliant yet, contact us to create a legally defensible strategy. Let us guide your C-Suite and Board of Directors. Breach concerns? Talk to us first.

Cross-Disciplinary Consulting

We seamlessly partner with in-house and external IT, security, and Records & Information Management (RIM) professionals to help deliver solutions that include Privacy By Design. We also prepare comprehensive Written Information Security Programs (WISP).

Accountability and Audit

The GDPR Principles require you to know what personal data you have and be able to produce it and/or remove it on demand. Record keeping is key to breach notification, information requests, and audit.

Breach Notification

72-hour breach notification is perhaps the largest change from any US privacy law. Notification includes the data subject. A pre-packaged and tested game plan is necessary.

Remote or On-site

Even though we love Skype and screen-sharing software for remote meetings, we can meet in your office or your boardroom. Add us to your team.
