New Data Protection Law Going Into Effect On May 25, 2018 – Is Your Organization Ready?

Sunday April 1, 2018 Published in Corporate and Business

The European Union’s General Data Protection Regulations (GDPR) take effect on May 25, 2018. GDPR applies to all organizations that collect and process data belonging to EU citizens. This also applies to the United Kingdom post Brexit. It does not matter where in the world the EU citizen may be: if your organization collects the data of an EU citizen, it must be protected. Organizations need to comply if they have operations or employees in the EU, and also if they have a website or app that collects and processes EU citizen data. Penalties for non-compliance are quite severe: if an organization is found to be non-compliant, the fine is the greater of 20 Million Euros or 4% of an enterprise’s worldwide revenue!

Data control and data security go hand in hand and form the basis of the GDPR regulations.

Data Control: To preserve a resident’s privacy, organizations must: (i) only process data for authorized purposes; (ii) ensure that the data is accurate; (iii) minimize the exposure of the individual’s identity; and (iv) implement data security measures.

Data Privacy: To preserve a resident’s privacy, organizations must implement: (i) safeguards to keep data for additional processing; (ii) data protection measures, by default; and (iii) security as a contractual requirement, based on risk assessment and encryption. In addition, a data subject has “the right to be forgotten.”

In other words, an organization cannot keep data indefinitely. GDPR requires organizations to completely erase data from all repositories when: (i) data subjects revoke their consent; (ii) a partner organization requests data deletion; or (iii) a service agreement comes to an end. There are legal exceptions when data cannot be erased, but those exceptions are limited.

As a preliminary matter, it is imperative for any organization to assess the risks to privacy and security and demonstrate that it is in compliance. Organizations are required to: (i) conduct a full risk assessment; (ii) implement measures to ensure and demonstrate compliance; (iii) proactively help third-party customers and partners to comply; and (iv) prove full data control. Further, when a data breach occurs, the compromised organization must: (i) notify the authorities within 72 hours; (ii) describe the consequences of the breach; and (iii) communicate the breach directly to all affected subjects.

The requirements of GDPR are not to be taken lightly. All organizations must now be in a position to address these requirements in order to conduct business with EU citizens. For more information on assistance with this regulation and any other cyber-security and data privacy issues for your organization, please contact Charles “Drew” Hayes at cahayes@wegmanlaw.com.


Wegman Hessler specializes in business law for business leaders, applying legal discipline to solve business problems and help business owners run smarter. For more than 50 years, this Cleveland business law firm has provided full-service strategic legal counsel for closely held businesses. Learn more at www.wegmanlaw.com.
