Is Your Startup Prepared for the GDPR?
- David Gammell
Last month’s QuickLaunch University webinar focused on European data privacy legislation and more specifically, the ambitious General Data Protection Regulation (GDPR) that goes into full effect on May 25, 2018. WilmerHale Partners Dr. Martin Braun and David Gammell discussed the key issues that emerging companies should consider as they prepare to comply with the new requirements. Here are a few things you need to know to prepare for the GDPR today:
- Understand the definition of “personal data.” Personal data includes
name, email, and telephone numbers for example, but under the GDPR it can
also include IP address or device ID. The GDPR also applies to other types
of data subject to additional protection, such as health data, sexual
orientation and racial background, if it can be attributed to an
- Document your data. Under the GDPR, the entity controlling the processing
of personal data needs to be prepared to demonstrate compliance with the
requirements, which is called the accountability principle. Understand
your systems and the type of data you have, and document who has it, why
they have it and who has access—this is a crucial preparation step.
- Communicate. We expect to see many updated website terms and
conditions and privacy policies over the next few months. Review your
current policies, including those related to consent, and assess whether
any changes are required before May 2018.
- Make data privacy a boardroom issue. Fines for noncompliance with European data protection regulations will increase dramatically under the GDPR and your ability to comply with the GDPR may affect how investors view your company. Ensure that everyone in your organization understands the company’s obligations and the steep risks associated with noncompliance.
WilmerHale’s Privacy and Cybersecurity Law Blog is a resource for updates on US and European data privacy regulation. Read the most recent GDPR update, “The Article 29 Working Party Releases Draft Guidelines on the Application and Setting of Administrative Fines.”
To learn more about GDPR preparation for , listen to our webinar recording or download the webinar materials, and follow our Launch blog for key takeaways on other topics relevant to the ecosystem.