The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching. As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and concerns are likely to arise. While there is no shortage of online guidance on the GDPR, finding answers to your specific questions and concerns, and assuring those answers come from credible sources, can be daunting. But we’re here to help. Below are four resources that make the GDPR more accessible, thereby enabling you to more efficiently and effectively decipher your organization’s obligations.
- EUGDPR.org is a good place to start your search. The site answers FAQs about the GDPR in general, how to prepare to meet its requirements, and whether your organization is subject to the GDPR’s mandates. It also summarizes the articles contained in the GDPR and, for those seeking motivation, provides a down-to-the-second Time Until GDPR Enforcement countdown clock.
- GDPR Regulations & Recitals. Though they are available elsewhere, this site lays out the regulations and recitals in a very user-friendly format.
- Article 29 Working Party (“WP29”) Guidance. WP29 is an advisory group made up of representatives from EU data protection authorities and the European Commission. It has authored guidance on a number of key GDPR topics, including data portability, data protection officers, lead supervisory authority, data protection impact assessments, personal data breach notifications, automated decision-making and profiling, administrative fines, consent, and transparency. WP29’s guidance is well worth heeding because the GDPR envisions a key role for WP29’s successor, the European Data Protection Board (“EDPB”), which will replace WP29 when the GDPR takes effect. As discussed in Recital 139, the EDPB will contribute to “the consistent application of” the GDPR and the promotion of “cooperation of [its] supervisory authorities” throughout the EU.
- Our Blog & Articles. In past posts and articles, we’ve covered important GDPR issues including employee consent, the impact of the GDPR on US organizations with EU employees, and an employee’s right of erasure. We’ll continue to write regularly on GDPR-related topics in coming months.