It isn’t too late for companies to prepare for the European Union’s new privacy regime—the General Data Protection Regulation (GDPR)—but there’s a lot of work to be done to meet the May 25, 2018 deadline, a panel of privacy attorneys told a packed house at a recent Bloomberg Law-sponsored panel. There are specific action items that companies behind in their GDPR preparations can still focus on to help avoid the massive potential fines and stronger privacy and data security oversight and enforcement of the looming GDPR, the attorneys said during the International Association of Privacy Professionals (IAPP) Privacy Security Risk conference in San Diego.
Preparing for the GDPR should be a company-wide endeavor with cooperative efforts among various interested parties, including the C-suite, legal department, information technology professionals, and other cybersecurity professionals, the panelists said.
The GDPR provides one EU-wide regulation to replace a more than 20-year-old directive that required each country to pass its own privacy laws. The GDPR will bring stricter standards for user consent to the use of their personal data, mandatory data breach notification, and fines as high as 20 million euros ($23.5 million) or 4 percent of a company’s annual worldwide income, among other things.
Companies should be careful if they are moving to the use of automated data processing, Adam McKinney, vice president and associate general counsel for privacy and data protection at AT&T Inc., said during the IAPP panel. Privacy protections under the GDPR apply to manual processing of personal data as well as to processing by automated means, such as the use of algorithms, artificial intelligence, or other mechanisms, he said. Under the GDPR, individuals will have the right to object to decisions taken about them based solely on automated decision-making. With so little time left before the GDPR takes effect, companies should be aware of the limitations the new law places on the use of automated data processing, McKinney and other panelists said.
Companies also need to know what kinds of data they are storing, where the data is being stored, and for what purposes, Tanya Forsheit, partner and co-chair of the privacy and data security group at Frankfurt Kurnit Klein & Selz PC, said. Without understanding what data they collect, process and retain, companies will have an extremely difficult time ensuring that data processing activities are GDPR-compliant, she said. If a company hasn’t engaged in data mapping already, it needs to begin a good-faith effort to do so as soon as possible, Forsheit said.
Although some companies may wish to get their GDPR compliance preparation done as quickly as possible, they should beware of one-stop-solution programs, Rafi Azim-Khan, partner and head of data privacy and security for Europe at Pillsbury Winthrop Shaw Pittman LLP, said. Some companies may advertise their products as a silver bullet compliance solution, but there is no one-size-fits-all solution for GDPR preparation, he warned.
Companies should confer with outside or in-house counsel to determine the proper plan of action for GDPR preparation, the panelists said.