12 Jun 2018 10:31 PM | Anonymous

The General Data Protection Regulation (GDPR) of the European Union comes into force on 25 May 2018, introducing the most comprehensive change in data protection over the last 25 years and establishing the strictest data protection regime in the world.

The GDPR has cross-border effect, affecting every enterprise worldwide, handling personal data of individuals living in the EU.

In case of non-compliance, your business has to face serious fines: in case of minor, administrative data breach, the authorities can impose fines up to 10 Million EUR or 2% of the annual worldwide turnover, in case of major data breach, the fine may be up EUR 20 Million or 4% of the worldwide annual turnover.

Given the cross-border nature of GDPR, international businesses need comprehensive approach to comply with the new regulation.

For this reason, the member firms of International Law Firms have established a GDPR Working Group in 2017, in the framework of which they can mutually share information and best-practices with each other.

We suggest that your GDPR compliance project consist of the following 3 (three) phases: Due-Diligence, Compliance, and Training.

Due Diligence

In the frame of Due Diligence, we identify the problems and risks within your company that need to be addressed to meet the GDPR, and we provide you with an action plan in which the steps, necessary to be taken to meet compliance are summarised.


Problems and risks discovered during the Due Diligence are solved and treated at this stage, by reviewing & drafting internal data protection documentation, and other related documents. Besides internal documents, we focus on contracts concluded by you, as well as the personal data protection aspect of the contract templates used by your company.


The world's best corporate privacy policy is worth nothing if your employees do not know or do not comply with its provisions. For this reason, we apply a data protection training on request, whereby based on the internal rules adopted by you in the framework of Compliance,  we teach the basic personal data protection rules to you employees, and test their knowledge.