5 Useful Resources on the New EU General Data Protection Regulation (GDPR)

Data privacy lawyers and officers around the world are working to assess the implications of the recently passed General Data Protection Regulation (GDPR) and to implement its requirements before May 25, 2018. As one might expect, the requirements, scattered throughout the nearly 300 pages of the GDPR and introductory notes, are many and not entirely straightforward.

Over the past few months, a significant portion of my time has been spent talking to my colleagues and NAVEX Global clients about the GDPR and Privacy Shield (privacy, it seems, has become a blisteringly hot topic even for non-privacy folks), and with good reason: it has been suggested that the GDPR will create over 25,000 new jobs.

In fact, I’ll be on a panel at the ACC Annual Conference in San Francisco in October to discuss the effect of the GDPR as well as practical recommendations organizations should consider implementing to meet compliance. I would love to connect with any of you who will be there.

In the meantime, I wanted to share some resources on GDPR that I have found useful:

  • Phil Lee, Partner, Privacy, Security & Information, Fieldfisher, is an expert in GDPR who has published a number of blog posts on this topic, including his two most recent: “What you think you know about the GDPR…and why you may be wrong,” which clears up some common misconceptions, and “The ambiguity of unambiguous consent under the GDPR,” which tackles some GDPR grey areas.
  • TRUSTe has developed a number of resources and tools to help organizations prepare for GDPR requirements. Start with this blog post, “Your Path to GDPR Compliance, Step 1,” which includes a readiness assessment, and other tools to help.
  • The International Association of Privacy Professionals (IAPP) has collected GDPR resources titled, “Top 10 Operational Impacts of the GDPR.” Topics include the potential impact on cyber security and data breach notification obligations and cross-border data transfers.
  • In this blog post, “The countdown is on: 24 months to GDPR compliance,” Denelle Dixon-Thayer, Chief Legal and Business Officer at Mozilla Corporation, tries to look at the bright side of GDPR, asserting that good data privacy for users is, ultimately, also good for organizations.
  • In this article in The Guardian, journalist Samuel Gibbs explores the potential implications, intersections and future evolutions of the GDPR, quoting William Long, a partner at Sidley Austin, who said, “Organisations should be under no doubt that now is the time to start the process for ensuring privacy compliance with the regulations. Importantly, companies outside of Europe, such as those in the US who offer goods and services to Europeans, will fall under the scope of this legislation and will face the same penalties for non-compliance.”

What stage of preparation is your organization in? Do you have a clear go-forward path so you’ll be ready in May 2018? Share your experience and your questions in the comments section below.
