General Data Protection Regulation

Do you have data from individuals in the European Union? We work with clients worldwide to comply with the EU General Data Protection Regulation (GDPR), which went into effect on May 25, 2018.

Generally, the GDPR applies to any entity that may collect data from individuals in the EU, even if the individual or business operates or is incorporated outside the EU. This can include information collected or otherwise received during the course of business, or even information collected through an entity’s website via cookies and similar means.

We offer the following GDPR services:

Analysis of Current GDPR Needs

  • Preliminary analysis of the extent and scope of GDPR compliance issues
  • GDPR Internal Assessment Memo, which includes:
    • A description, mapping and flow of personal information, methods of collection, and its usage and retention, based on the client’s current practices
    • An analysis of the consent received from users
    • Review of applicable data retention, data transfer, employee training, and data breach policies
    • Internal risk assessment and a review of whether the personal information collected is actually required for the client’s business
    • Gap analysis and proposed actions to be adopted
  • GDPR Data Processing Agreements (which we draft or comment on, as required)
  • Review and redraft (if applicable) of GDPR-compliant website privacy notice
  • Draft applicable internal policies related to GDPR based on information we receive from the client

Ongoing Compliance

  • Support the entity’s DPO with ongoing GDPR-related advice on new products or business ventures
  • Assisted a B2B cyber security company in assessing its GDPR compliance related to personal information collected through its marketing activities and website, as well as its privacy notice
  • Assisted a fintech with GDPR compliance related to personal information collected through its B2B business activity, as well as drafting applicable data processing agreements (DPAs)
  • Assisted an online content promotion company with GDPR compliance related to personal information collected through its business activities and through third-party platforms (such as Facebook). We also assisted the company in redrafting its privacy notice.