The CHART Exchange August 2017

Page 25

ANALYSIS - WILSON ELSER

religious beliefs) to appoint a “data protection officer” with expert knowledge of data protection law and practices. The regulations do not contain any exemptions based on company size, but do allow the “data protection officer” to be outside counsel hired on behalf of the company.

In addition, many data protection authorities within the EU have begun issuing guidance to companies to assist in compliance with the GDPR, and more will follow. The Information Commissioner’s Office in the United Kingdom issued 12 guidelines for companies, including educating key decision-makers about the effect of these new regulations, reviewing privacy policies, and appointing a data protection officer. Additionally, the French data protection authority authored a six-step guide for companies, including mapping how personal data is treated within a company, implementing internal data security procedures, and documenting compliance. Further, data protection authorities are expected to issue guidance throughout the coming year.

Between now and the date of implementation in May 2018, companies should take steps to ensure compliance by becoming familiar with the GDPR and guidelines for compliance issued by various authorities. The first steps toward compliance include: (1) assessing current data security systems, policies, and procedures; (2) identifying the location of all data; (3) determining the scope of data retained; and (4) evaluating the safeguards in place.


If personal data of EU citizens is maintained in any manner by any part of a company, it will be necessary to thoroughly review the various provisions of the GDPR to ensure the company is in compliance with these regulations. Companies affected by GDPR also should consult their insurance brokers to determine the impact of the regulations on their insurance programs. In particular, companies should discuss adequacy of limits, coverage for GDPR violations, and the ability of policies to pay into GDPR-regulated countries. The GDPR, by design, will subject significantly more companies to its regulatory framework than current regulations, and companies of all sizes and locations should prepare accordingly.
