Andre Bywater on GDPR After the Implementation Deadline [Podcast]


By Adam Turteltaub

May 25, 2018 was the deadline for companies to comply with the new European General Data Protection Regulation (GDPR), and for many organizations, it was a very long slog just getting there.

Andre Bywater of Cordery Compliance warns, though, that it’s best not to think of that date as an endpoint.  Instead, it’s a starting line for a new era in data protection.

Already many complaints have been brought before data protection regulators, and they have led to subsequent investigations based on allegations of violations.  One organization has already been told to stop processing data.

So, the consequences for violations are real and, notably, they extend beyond the EU.

Even companies who have done an excellent job preparing for GDPR need to remain diligent, particularly for data breaches.   Hacking is a problem and a headline grabber, but there is a significant day-to-day challenge with human error:  lost laptops, phone stolen, and so forth.  Under GDPR, organizations have to report these incidents promptly to the regulator and may have to tell the individuals involved.

This need to report quickly makes it essential for compliance teams to have a plan in place for responding, even before the breach occurs.

Another issue to prepare for: individuals have the right to ask what information the organization has collected on them.  That can be a time-consuming process that includes paper records.  Once again, it’s important to have plans in place before the request comes in.

In sum, GDPR poses significant ongoing challenges and will be a part of compliance efforts for a long time to come.  Listen in to the podcast to learn more about what you should be thinking about and doing.