linked in


October 2018

Better Late than Never: Considerations for GDPR Compliance

By Philip M. Busman, Colton Driver, CIPP/E

For the Defense

Reprinted with permission from DRI – The Voice of the Defense Bar’s For The Defense, October 2018

Europe’s new General Data Protection Regulation (GDPR) has been a major buzzword this year. And as is the case with many buzzwords, a lot of clients and practitioners have likely tuned it out, thinking that it would never apply to them. However, most clients have probably never had to consider data protection issues on this level before, and the GDPR will affect a lot of people who never imagined being subject to this type of regulation. For that reason, writing it off is probably a mistake.

The good news is that even though the May 25, 2018, deadline has come and gone, it is not too late for your clients to get up to speed. And your clients with GDPR-related concerns can rest assured that they are not alone. Up to 80 percent of companies in the United States, United Kingdom, and European Union required to comply with the EU’s new GDPR are not yet ready. See Edward Gately, 80 Percent of Companies Still Not GDPR Compliant, Channel Partners News (July 13, 2018, 13:08); Sue Reisinger, 85 Percent of Companies Not Fully Ready for the GDPR, Survey Says, Legal Tech News (LAW.COM) (May 21, 2018, 16:41). Many of those companies have likely not even started the compliance process. More importantly, the general consensus seems to be that EU regulatory authorities tasked with GDPR enforcement are not ready yet, either. See Douglas Busvine et al., European Regulators: We’re Not Ready for New Privacy Law, Reuters (May 8, 2018, 6:34). For those among us in the same boat, although the clock is ticking, there is still time to develop a basic understanding of the GDPR framework that is sufficient to advise clients on the general steps necessary to get them moving in the right direction.