The General Data Protection Regulation (GDPR) of the European Union comes into force on 25 May 2018, introducing the most comprehensive change in data protection over the last 25 years and establishing the strictest data protection regime in the world.
The GDPR has cross-border effect: it affects every enterprise worldwide that handles personal data of individuals living in the EU.
In case of non-compliance, your business faces serious fines: for a minor, administrative data breach, the authorities can impose fines of up to EUR 10 million or 2% of the annual worldwide turnover; for a major data breach, the fine may be up to EUR 20 million or 4% of the worldwide annual turnover.
Given the cross-border nature of the GDPR, international businesses need a comprehensive approach to comply with the new regulation.
For this reason, the member firms of International Law Firms established a GDPR Working Group in 2017, within which they share information and best practices with each other.
We suggest that your GDPR compliance project consist of the following 3 (three) phases: Due-Diligence, Compliance, and Training.
During Due Diligence, we identify the problems and risks within your company that need to be addressed to comply with the GDPR, and we provide you with an action plan summarising the steps necessary to achieve compliance.
Problems and risks discovered during Due Diligence are resolved at this stage by reviewing and drafting internal data protection documentation and other related documents. Besides internal documents, we focus on the contracts you have concluded, as well as the personal data protection aspects of the contract templates used by your company.