GDPR is almost here: are you ready?

The new General Data Protection Regulation 2016/679 (GDPR) comes into effect on 25 May 2018 across the European Union. However, it's not just European companies that need to be prepared. If your business deals with customers or individuals located within the European Union, then the GDPR potentially applies to your business, even if it isn't incorporated or established in Europe.

What do I need to do?

Firstly, you need to determine whether the GDPR might apply to your business.

Your business may need to comply with the GDPR if your business:

• has an office in the EU (regardless of whether or not it processes personal data in the EU); or
• does not have an establishment in the EU, but does offer goods and services to, or monitor the behaviour of, individuals in the EU, such as having a website that enables EU customers to order goods and services in the language of a member state or enables payment in euros, or tracking EU individuals online and using data analytics techniques to profile those individuals and determine their preferences.

If the GDPR does apply to your business, there are a number of steps that you might need to take, including:

• updating your collection notices, consents and privacy policy;
• considering whether your business will need to appoint a representative in the EU;
• reviewing and potentially updating contracts with third parties;
• considering whether your business will be required to appoint a data protection officer; and
• establishing a procedure for assessing possible data breaches and complying with any notification requirements.

Next steps

To find out more about whether your business is impacted by the GDPR and, if so, how to get GDPR compliant, visit our GDPR website, download the GDPR Survival Guide prepared by our alliance partner Linklaters, or contact me directly.

We also have available a fixed price GDPR questionnaire, to assist in determining whether your business is impacted by the GDPR.