On GDPR

You, as a valued BridgehoueLaw Newsletter Reader, are likely already familiar with the sweeping changes in international privacy and data collection standards, not just from international news media outlets, but also from our previous articles on Europe’s General Data Protection Regulation (“GDPR”).  It likely comes as no surprise to you that starting back on May 25, 2018, the European Union (EU) now requires all businesses to be compliant with the GDPR if they want to operate in EU member states and serve EU individuals either directly or as a third-party.

However, despite these massive data and privacy overhauls and the media attention that the regulations are attracting, according to a recent survey conducted by Sage, 91 percent (91%) of American businesses still lack general awareness of the GDPR and 84 percent (84%) do not understand the implications of the regulation for their specific business.  

Don’t get caught unaware!

The GDPR is setting new international precedent on how companies collect and use consumer data, and there are a few basic steps that your organization can stay ahead of the curve to maintain compliance:

• Internal Audits - Review your organization’s data processing systems and methods of collecting personal data
• Update Documentation - Review and update your organization's privacy policies
• Training - Develop a training program for your organization’s employees to learn the basics of data protection
• Training - appoint a Data Protection Officer
• Implementation - Train your staff across all departments on any new procedures and/or requirements
• External Audits - Conduct independent audits of all data processes across various departments

Sage survey link: http://www.sage.com/~/media/group/files/gdpr/sage-gdpr-global-research-findings.pdf?la=en