The EU General Data Protection Regulation (GDPR), with a compliance date of May 25, 2018, will be one of the biggest themes of 2018 in the e-discovery world.
Created to protect European Union residents—not just citizens—the new law extends due diligence obligations and potential liability to data processors, not just data controllers. In addition, its reach extends beyond the EU, in part, because it will cover non-EU organizations processing data related to the offering goods and services to individuals in the EU. It also introduces new requirements for data breach notifications and data protection resources; expands the definition of personal data while narrowing the definition of consent; and more.
The consequence of non-compliance could be devastating sanctions. In short, there’s a lot at risk—and companies need to start preparing to comply immediately (or, preferably, yesterday).
At Relativity Fest, Jason Priebe and Natalya Northrip of Seyfarth Shaw discussed the GDPR and some of its implications for businesses around the world in detail. One example is what the law means when it says privacy needs to be integrated into business operations “by design and by default.” Here’s a clip:
Fully integrating privacy mechanisms into everything your organization does is critical for setting yourself up for success in GDPR compliance.
Get a full roadmap to help you prepare for the GDPR by exploring the whole session.