I’m sure you’re saying, “Wait, another alphabet soup of regulation?” Yep. GDPR stands for The General Data Protection Regulation. Heard of it? The topic's been floating around the news over the past couple years, and today it finally becomes enforceable. But how many of you have been paying attention? Hopefully you all raised your hand as this new regulation could have an impact on your business. For the sake of this blog post, let's say you haven't done your homework on GDPR. If that's the case (which I'm sure it's not), we'll start by defining it.
At its core, GDPR is a regulation in European Union (EU) Law on data protection and privacy for everyone living in the EU and European Economic Area (EEA). While that might not sound like a problem for your company, it's another story for companies doing business in Europe, especially if you're collecting personal data from someone living in the EU. This not only goes for commercial businesses, but non-profits, charities, and educational institutions, too. According to the European Commission, personal data is defined as "any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address." Sound like your company? If so, this is definitely something you should be looking into. The new GDPR laws are far more stringent than American data privacy laws. In fact, the penalty for failing to meet the requirements of GDPR can result in a $20 million fine.
And that's not a typo. So how do you avoid shelling out that kind of dough? One essential element of this new law is ensuring your privacy policies and practices not only contain more detailed disclosures, but are also accessible and understandable. The topics you'll likely need to refresh in your privacy policies include:
- Information about processing of personal data
- Details about collection and use of personal data
- Existence of individual rights
- Contact information of a data protection officer at your company
If you're collecting personal data from someone living in the EU and haven't revisited your privacy policies and practices lately, don't panic. You're not the only one. However, you're going to want to become compliant as soon as you can. That’s where Gutwein Law can help.
If you need help sifting through all the new standards required by the GDPR law, and specifically, need help rewriting your privacy policies, give us a call. We'd be more than happy to help. We can be reached at 651.968.4714. We hope to talk with you soon.