Looking Past May 25: GDPR Obligations in the Real World

Esteban Morin (left) and Ian O'Neill (right)

BY: Esteban Morin and Ian O’Neill

For the past few months, it has been a race to the finish as companies across the globe spent a tremendous amount of time and resources preparing for the day on which the European Union General Data Protection Regulation became effective — May 25, 2018. Leading up to this date, in-house attorneys and outside counsel alike frequently invoked May 25 as a shibboleth and conjured up campfire chillers about companies being fined 4 percent of their annual global revenue or receiving nonstop barrages of access requests from millions of EU residents who suddenly awoke to new privacy rights. But the reality is that many companies were not in full compliance when the GDPR became law and many others who were substantially prepared will make missteps as they adjust to their new policies and practices. Fortunately, there is no need to panic. The sky did not fall on May 25, and companies should continue to work toward obtaining and subsequently maintaining compliance in the coming months and years.

Although there is no telling exactly how European regulators will enforce the Regulation, here are a few key items that your company should have in its tool box as it moves toward full compliance.

To read this story and other complete articles featured in the May 28, 2017 print edition of Law Week Colorado, copies are available for purchase online.