5
GDPR - Pocket Edition
INTRODUCTION
Alston & Bird is pleased to offer you this handy pocket version of the General Data
Protection Regulation (GDPR).
The privacy community has long awaited the adoption of the GDPR, which will
apply EU-wide as of May 25, 2018. As the countdown proceeds, the impacts the
GDPR will have on businesses are becoming evident. It is clear that the GDPR is
an unprecedented game-changer that will raise data privacy to the top of the
compliance agenda over the next few years.
As companies work to bring their processing operations into conformity with the
GDPR, they should keep in mind the intention of those within the EU that worked
so hard to pass the GDPR. The GDPR considerably enhances the privacy rights
of individuals, who will have more control over their data. While no processing
operation is immune to challenge, companies that focus on GDPR compliance early
on will be in a stronger position to address complaints and controversies.
The GDPR has a strong harmonizing potential. To date, companies have often
struggled to comply with the many, sometimes conflicting, obligations imposed
by local privacy regulation within the European Union. In many respects, the GDPR
should simplify multijurisdictional compliance. The GDPR also removes certain
burdensome, red-tape requirements that exist under current legislation, such as
notification and export permit obligations.
At the same time, the scope and details of some GDPR obligations are yet to be
defined and raise substantial uncertainty. Companies will also be subject to new
requirements, such as breach notification, prior consultation with supervisory
authorities and direct liability for processors. Furthermore, the possibility of very
high sanctions (up to 4% of a company’s global turnover [revenue]) will accentuate
business concerns, and may lead companies to take conservative interpretations of
GDPR requirements.
Clearly, timely action is called for. The GDPR will require companies to do more than
just update privacy notices and policies. Effective compliance will necessitate broad
and continuing stakeholder engagement as well as operational and system changes.
Alston & Bird’s privacy team is deeply engaged in GDPR (and other EU privacy
matters) on behalf of a number of clients. We are well-placed to do so with a full
team in Brussels and the United States.
–Alston & Bird Privacy and Security Team