Are Your Clients Prepared For The EU's General Data Protection Regulation?

The GDPR raises numerous key compliance issues for organizations. Is your company ready?

The General Data Protection Regulation (GDPR) is now in effect. It enhances data protection and privacy for individuals within the European Union (EU) and governs all aspects of protecting personal data that can be used to identify an individual. The GDPR applies not only to companies doing business in the EU, but also to any organization that handles personal data of individuals located in the EU.

Under the GDPR, personal data means any information relating to an identified or identifiable natural person. Examples include a person’s:

  • Name;
  • Identification number;
  • Location data;
  • Online identifier;
  • Reference number;
  • Physical factors;
  • Genetic factors;
  • Mental health or intellectual abilities;
  • Ethnicity; and
  • Socio-economic class.

An article in the Summer edition of the Lexis Practice Advisor Journal, The GDPR Compliance Deadline Has Arrived—Are You Prepared?, written by Ice Miller LLP partner Nicholas R. Merker, addresses key compliance issues for organizations, such as:

  • Determining whether it is a data controller, a data processor, or both;
  • Creating a data map for personal data;
  • Providing meaningful notices and implementing valid consent mechanisms for the processing of personal data;
  • Updating vendor contracts; and
  • Appointing a data protection officer.

In addition, the Lexis Practice Advisor Journal provides Lexis Practice Advisor resources to assist legal counsel in navigating the GDPR. These resources include:

Introduction to the GDPR. This practice note discusses the definition of personal data, the new concept of pseudonymous data, the rights of data subjects, including the right to erasure/right to be forgotten, the role and responsibilities of data protection officers, and guidance on responding to data breaches.

GDPR Compliant Privacy Policy. This GDPR-compliant template is a privacy notice that provides data subjects with information on how an organization collects personal data, what it does with it, and with whom it may be shared. This privacy notice is designed for a wide variety of circumstances and includes drafting notes and alternate/optional clauses.

Data Protection Principles under the GDPR. This practice note examines the seven data protection principles outlined in the GDPR:

  • Principle 1: Lawfulness, Fairness, and Transparency
  • Principle 2: Purpose Limitation
  • Principle 3: Data Minimization
  • Principle 4: Accuracy
  • Principle 5: Storage Limitation
  • Principle 6: Integrity and Confidentiality
  • Principle 7: Accountability

Consent under the GDPR. This resource covers data subject consent issues, such as when consent cannot be obtained, the processing of sensitive personal data, how to demonstrate that consent was freely given, allowing data subjects to withdraw consent, and obtaining consent from children.

Data Portability under the GDPR. The right to data portability is intended to benefit individuals by allowing them to obtain a copy of data about them and use it for their own purposes across different services. This practical guidance examines an individual’s right to data portability under the GDPR, its exemptions, and practical issues arising from portability.

Sanctions and Enforcement under the GDPR. The GDPR imposes significant fines for non-compliance. This practice note explores the creation and duties of supervisory authorities, their investigative and corrective powers, criminal sanctions, administrative fines, venue, and appeals.

Pro-Controller and Pro-Processor Data Processing Clauses. These forms provide data processing provisions that set out the essential requirements when the data controller is engaging a data processor to process personal data on the controller’s behalf under the GDPR.

To learn more, read the complete article at The GDPR Compliance Deadline Has Arrived—Are You Prepared?

To read the complete current edition of the Lexis Practice Advisor Journal as well as previous editions, visit the Lexis Practice Advisor Journal page.

Lexis Practice Advisor® provides attorney-developed practical guidance, including practice notes, checklists, sample documents, and related legal content, to help you work more efficiently. Learn more and request your free trial at Lexis Practice Advisor.