Legally Defensible Compliance

Does GDPR Apply in the US?

Yes. GDPR (European Union General Data Protection Regulation) is a comprehensive new law protecting the data privacy of EU citizens. GDPR took effect on May 25, 2018. It consists of 99 articles and will have a sweeping impact on U.S. enterprises. It requires that all EU personal data be handled according to the GDPR Data Protection Principles. These include the famous "right to be forgotten," as well as transparency, data portability, breach notification, information security, etc. If you have a public-facing website that collects user data and operates in EU countries, it is not too late to get advice.

Does The California Privacy Act Apply Outside of CA?

Yes. The California Privacy Act of 2018 was unanimously adopted by the legislature and signed into law on June 28, 2018. Similar in many essentials to the GDPR Privacy Principles, as of January 1, 2020, it will require that all CA consumer personal information be handled according to privacy principles (CCPA/CPRA). These also include the famous "right to be forgotten," as well as transparency, data portability, breach notification, information security, etc. If you have a public-facing website that collects user data and operates in CA, it is time to seek advice about data mapping.

Legally Defensible Privacy & GDPR Compliance

If your organization processes the personal data of EU citizens (or soon California citizens), you need to take immediate steps to evaluate whether your organization is impacted by the GDPR or the California Privacy Act. Penalties for noncompliance are not automatic, but good-faith efforts could mitigate risk.

Before evaluating technology vendors, reach out to a law firm. All inquiries are completely confidential and covered by the attorney-client communications privilege. Even if you have not started mapping data, we can provide you with a top-level risk evaluation and help you get started in the right direction. We can help you document good-faith compliance efforts, draft legal opinions, or provide "comfort letters."

Together with top technology providers, we provide privileged and confidential workshops on data protection and privacy compliance. We can provide strategic assistance developing a compliance plan or compliance blueprint. Please see our whitepaper outlining a blueprint for compliance with the California Privacy Act (CCPA/CPRA).

Confidential Evaluation

Start here if you already process any "personal data" on EU citizens. Any website that collects information should be evaluated. Protect your assets and reputation with the attorney-client confidentiality privilege.

Legal Protection

If the GDPR applies to you and you are not fully compliant yet, contact us to create a legally defensible strategy. Let us guide your C-Suite and Board of Directors. Breach concerns? Talk to us first.

Cross-Disciplinary Consulting

We seamlessly partner with in-house and external IT, security, and Records & Information Management (RIM) professionals to help deliver solutions that include Privacy By Design. Preparation of Comprehensive Written Information Security Programs (WISP).

Accountability and Audit

The GDPR Principles require you to know what personal data you have and be able to produce it and/or remove it on demand. Record keeping is key to breach notification, information requests, and audit.

Breach Notification

72-hour breach notification is perhaps the largest change from any US privacy law. Notification includes the data subject. A pre-packaged and tested game plan is necessary.

Remote or On-site

Even though we love Skype and screen-sharing software for remote meetings, we can meet in your office or your boardroom. Add us to your team.