GDPR Compliance

The European Union’s General Data Protection Regulation (GDPR) represents sweeping new legislation designed to protect data rights of EU residents. It affects every organization that interacts with an EU resident in any way, wherever that organization may be. Enforcement started in May of 2018, and fines for failure to be in GDPR compliance can be severe: €20 million or up to 4% of global revenues, whichever is greater.

By law, data subjects (defined as any EU resident) do not relinquish their rights to their personal data and can request this of any organization they have interacted with.  In the US, there is a growing number of regulations that organizations should start to understand which are similar to the GDPR, these include:

• Virginia's Consumer Data Protection Act (CDPA)
• Illinois' Biometric Information Privacy Act (BIPA)
• California Consumer Privacy Act (CCPA)
• Children's Online Privacy Protection Act (COPPA)

Pomerol is actively working with organizations to help them plan for these regulations, perform information audits, train staff, as well as data mapping and overall strategic assessments.  

To start with conversation and allow us to learn more about your situation, send an email to Ryan Skorupan or provide your information through our Contact Us page.

Below are 10 things to do and consider when thinking about modeling a framework for GDPR Compliance:

1. Raise awareness/create alignment
2. Information mapping and data audit
3. Notices & privacy communications
4. Individual rights
5. Legal basis for processing
6. Managing consent
7. Data security & breaches
8. Privacy by design and default
9. Data protection officer
10. Data transfers