The European Union’s General Data Protection Regulation (“GDPR”) is the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR.

To help address that confusion, Bryan Cave has been publishing a multi-part series discussing the questions most frequently asked about the GDPR. We embarked upon the series by polling the data privacy and security attorneys at Bryan Cave about what questions they were fielding most from clients. That exercise generated a list of the top 50 questions. Over the past four weeks we have answered the first half of those questions in tri-weekly articles.

As we approach the 50% mark we thought it made sense to look back at the questions and answers provided so far and tally the popularity of each topic. The following table indicates the number of attorneys (mostly from law firms and in-house legal departments) that have accessed each question:

As the above indicates certain topics have near universal appeal among attorneys and privacy professionals that wrestle with operationalizing the regulation; others are important to niche industries or business types.

If you missed one of the top 10 FAQ’s, you can find a link to each question (in the order of popularity) below:

  1. Does the GDPR data breach notification provision cover the same type of data as United States data breach notification provisions?
  2. What Does It Mean To Be “Established” In The EU?
  3. Is a Service Provider’s Privacy Shield Certification Good Enough?
  4. Are the Standard Contractual Clauses Enough?
  5. Are Work Email Addresses and Business Contact Information Considered "Personal Data?"
  6. If I receive a right to be forgotten request from an employee do I have to honor it?
  7. Are Companies Always Required to Get Opt-In Consent?
  8. Does the GDPR apply if my company has no employees or offices in the EU?
  9. If I Already Drafted a Privacy Policy to Comply with US Law Do I need to Change it for the GDPR?
  10. Do Companies Always Have To Provide a Privacy Notice If They Collect Information About Someone From a Third Party?