On May 25, 2018, the General Data Protection Regulation will come into force, and it’s fair to say that our Lexology contributors have embraced the topic with gusto. It’s not that we’re not impressed with the volume and quality of content that our law firm contributors have produced, but we admit we’ll be glad once the hype around GDPR subsides.
With exactly one month to go until the big day, we pose some key questions for businesses and highlight some essential reading from our contributors.
1) Do you have a data protection officer?
If you didn’t already have a data protection officer, do you now have one in place? Are you confident you have recruited a strong candidate given the sudden increase in demand? Are you satisfied they are independent?
Essential reading: 5 things you need to know about Data Protection Officers by Taylor Vinters LLP
2) Have you got consent?
What percentage of your customer list has confirmed their consent? What percentage are you deleting? What exactly is meant by “consent”?
Essential reading: Consent: Article 29 Working Party issues final guidance by Bird & Bird LLP
3) How does your risk register look now?
What do you report back to the board? How strong is your compliance framework?
Essential reading: The 10 steps to achieving a data privacy compliance framework by The Red Flag Group
4) Have you looked at the employment side of GDPR?
Most of the contributions we’ve published at Lexology have focused on the customer data angle, but our in-house lawyer and HR professional audiences have been clamouring for more insight into the employee data side of things.
Essential reading: GDPR HR Series: Employee Information Notices About Personal Data - Your Key Questions Answered by Bryan Cave Leighton Paisner
5) Are you prepared for a data subject access request?
Will you be able to respond quickly to those asking for the data you hold about them?
Essential reading: Discovery and the Data Subject Access Request by Whitney Moore
6) Outside the European Union and not too concerned?
It’s better to check whether your business is caught by the regime. And, post-Cambridge Analytica/Facebook, it is increasingly likely that similar legislation will follow elsewhere in the world.
Essential reading: Does the GDPR Apply to Your US-based Company? by Jackson Lewis
7) WHOIS a casualty of GDPR?
This is not one of our questions but rather the title of an article by Novagraaf looking at the impact of GDPR on domain name registration. The issue was also picked up by Trevor Little of Lexology sister publication World Trademark Review.
Follow all the updates and analysis from leading law firms at our GDPR hub. Staying up to date will be particularly vital once the authorities start marking our cards and enforcement activity begins.
For a deeper dive into the practicalities of managing your approach, listen to ICT Legal Consulting's on-demand webinar ‘GDPR: A Strategic Approach to Privacy Compliance for Multinational Companies’.