New Data Protection Law Going Into Effect On May 25, 2018 – Is Your Organization Ready?

Sunday April 1, 2018 Published in Corporate and Business
Flag USA and Europe isolated on sky background

The European Union’s General Data Protection Regulations (GDPR) take effect on May 25, 2018. GDPR applies to all organizations that collect and process data belonging to EU citizens. This also applies to the United Kingdom post Brexit. It does not matter where in the world the EU citizen may be, if your organization collets the data of an EU citizen, it must be protected. Organizations need to comply whether they have operations or employees in the EU and also if they have a website or app that collects and processes EU citizen data. Penalties for non-compliance are quite severe: If an organization is found to be non-compliant, the fine is the greater of 20 Million Euros or 4% of an enterprise’s worldwide revenue!

Data control and data security go hand in hand and form the basis of the GDPR regulations.

Data Control: To preserve a resident’s privacy, organizations must: (i) only process data for authorized purposes; (ii) ensure that the data is accurate; (iii) minimize the exposure of the individual’s identity; and (iv) implement data security measures.

Data Privacy: To preserve a resident’s privacy, organizations must implement: (i) safeguards to keep data for additional processing; (ii) data protection measures, by default; and (iii) security as a contractual requirement, based on risk assessment and encryption. In addition, a data subject has “the right to be forgotten.”

In other words, an organization cannot keep data indefinitely. GDPR requires organizations to completely erase data from all repositories when: (i) data subjects revoke their consent; (ii) a partner organization requests data deletion; or (iii) a service agreement comes to an end. There are legal exceptions when data cannot be erased, but those exceptions are limited.

As a preliminary matter, it is imperative for any organization to assess the risks to privacy and security and demonstrate that it is in compliance. Organizations are required to: (i) conduct a full risk assessment; (ii) implement measures to ensure and demonstrate compliance; (iii) proactively help third-party customers and partners to comply; and (iv) prove full data control. Further, when a data breach occurs, the compromised organization must: (i) notify the authorities within 72 hours; (ii) describe the consequences of the breach; and (iii) communicate the breach directly to all affected subjects.

The requirements of GDPR are not to be taken lightly. All organizations must now be in a position to address these requirements in order to conduct business with EU citizens. For more information on assistance with this regulation and any other cyber-security and data privacy issues for your organization, please contact Charles “Drew” Hayes at

Wegman Hessler specializes in business law for business leaders, applying legal discipline to solve business problems to help business owners run smarter. For more than 50 years, this Cleveland business law firm provides full-service strategic legal counsel for closely held businesses. Learn more at

Related Stories

IRS halts ERC Claims, and what to do next

IRS Halts ERC Claims Due to Dubious Submissions

Worried About Your ERC Claim? Here’s What You Can Do As a small business owner, you may have come across the Employee Retention Credit (ERC) program offered by the Internal…

Read More

Wegman Hessler Valore Recognized Among “Best Law Firms” in Northeast Ohio

Cleveland — Wegman Hessler Valore is being recognized among the “Best Law Firms” in the Cleveland area for 2024 by U.S. News &World Report. Several attorneys at the firm are…

Read More
NLRB Rules changing - owners need to review employee handbooks to comply

A Significant Change to Employee Handbook Rules: Understanding the New NLRB Standard

By HR attorney Lorraine M. CatalusciWegman Hessler Valore In the continually evolving landscape of labor laws, staying abreast of the latest legislative changes is key to maintaining legal compliance and…

Read More