Copyright © 2018 ALM Media Properties, LLC. All Rights Reserved.
The countdown to the enforcement date of the EU General Data Protection Regulation (GDPR) has begun, and it’s becoming increasingly clear that many U.S. organizations are poised to be caught in its crosshairs. Organizations that offer goods or services in the EU (whether or not a payment is involved) or that monitor the behavior of individuals in the EU will be subject to the GDPR’s requirements whether or not they have a presence in the EU. For U.S. organizations that are being exposed to the EU’s regulatory regime for the first time, panic may be setting in (if it hasn’t already). Requirements around honoring expanded data subject rights, maintaining records of processing, documenting the legal basis for such processing, and complying with the new security breach notification requirements, among others, may be particularly challenging for organizations that don’t have well-developed data governance policies or centralized systems and databases.