What In-House Counsel Are Doing to Prepare for the GDPR

With the European Union’s General Data Protection Regulation set to go into effect in less than a year, companies and in-house counsel have been considering the implications–and the massive potential fines—for some time now.

But with the May 2018 date looming, what are legal departments doing to prepare? At the Association of Corporate Counsel’s annual meeting, in-house counsel offered some of their strategies used to get ready for GDPR requirements.

Privacy Impact Assessments

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Law Firms Mentioned

<img class="alignnone size-full wp-image-1839" src="http://www.almcms.com/contrib

/uploads/sites/390/2017/10/GDPR-Article-201710171540.jpg" alt="" width="558" height="372" />   With the European Union��s <a href="http://www.corpcounsel.com/id=1202783764745/The-EUs-General-Data-Protection-Regulation-GDPR">General Data Protection Regulation</a> set to go into effect in less than a year, companies and in-house counsel have been considering the implications��and the <a href="http://www.corpcounsel.com/id=1202787291207/Answers-to-Critical-Questions-About-Enforcement-of-the-EUs-New-GDPR-Privacy-Law">massive potential fines</a>��for some time now. But with the May 2018 date looming, what are legal departments doing to prepare? At the Association of Corporate Counsel��s annual meeting, in-house counsel offered some of their strategies used to get ready for GDPR requirements. <h2><strong>Privacy Impact Assessments</strong></h2> Privacy impact assessments (PIAs) are required under the GDPR in certain situations, and this process essentially describes where data is, what it��s used for and in what context.��<a href="https://www.mcdowellpurcell.ie/legal-blog/privacy-impact-assessments/">PIAs are required</a> when a processing operation could pose a high risk to individuals, and should identify processing operations, analyze risks, review whether processing is in compliance and outline measures that are thought to address any risks. One resource for in-house counsel when dealing with uncertainties is regulators, who can provide guidance on PIAs and the GDPR, in general, according to panelist Lisa Zolidis, privacy counsel for the Americas region at Dell Inc. ��As you��re coming up with different ways to tackle different parts of the GDPR, one way to test these potential best practices is to get a meeting with the data protection authority and to walk them through [those],�� she said. ��And it might be a situation, [and] there have been situations recently, where the data protection authorities are just now learning the practical effects of some of the overarching directions in the GDPR,�� she added. ��And in talking that through ... they are able to then maybe have a learning opportunity, or maybe give some additional guidance.�� One challenge for in-house counsel when it comes to PIAs is in addressing risks while not slowing down the business, said panelist Whitney McCollum, VP and assistant general counsel of data privacy and technology at global engineering design firm AECOM. It might not be well received, she said, when counsel step in to analyze risks by way of a PIA as the business is looking to launch a new product. ��The advice I��ve seen so far ... is first, as much as you can, get on people��s radar early. Get on the procurement team��s radar, any of your development teams, and say, ��Look, GDPR is coming�� and then scare the pants off them with the fines,�� McCollum said, noting that violating GDPR obligations can result in a fine of up to 4 percent of a company's annual global turnover, or ��20 million, whichever is greater. As far as the PIA itself, McCollum said, to the extent possible, ��make it simple.�� Find out what data is being collected, create a simple checklist of all the possible data collected, what��s the data used for, and so on, she elaborated. For some in-house lawyers, the tools to simplify this process may already exist within the company, said panelist Laura Hamady, head of global legal privacy at PayPal Inc. ��When you kind of roll up your sleeves on this project, I think you��re going to find that there are many intake processes that already exist organically throughout the business.�� To simplify the process, Hamady said, ��try to standardize�� and ��try to embed the same set of questions�� across the board, when possible. <h2><strong>Data Protection Officers </strong></h2> And in many cases, such as when processing is carried out by a public authority or when a company conducts ��regular and systematic monitoring of data subjects on a large scale,�� a data protection officer must be appointed. For some companies, it may be easy to say a data protection officer is required, but for a number of companies, it is fairly ambiguous. What should a company facing uncertainty do? Zolidis echoed her previous comment that regulators can be an excellent sounding board for in-house counsel. ��This is one of those areas that if you do think that you��re in a gray area and you��re not sure ... you may consider talking to your lead regulatory authority, your lead data protection authority, and vet it out,�� she said. ��I say DPO if you can,�� McCollum said. ��Unless you are absolutely certain that you don��t fall into these categories, then I��d assign someone to be your DPO.�� Adding to the complexity of this position is the concern that the DPO may be difficult to terminate because of certain privileges afforded to this role as well as the question of whether to keep the role in-house or to hire someone from outside the company to fill the spot. ��We don��t have an external DPO ... but if we did appoint one, it would be our privacy counsel, who we��ve been working with for a number of years,�� McCollum said. ��They wouldn��t just be the person you shoot an email off to to get an answer. They��d be an integral part of the team.�� McCollum added: ��Something to keep in mind if you��re using an external firm is that there is a cost aspect of that in paying outside counsel fees, but you also get the expertise with that, and you also get their knowledge of what other companies are doing.�� <

Trending Stories

A Tale of 2 Associates: What Really Pushes Top Talent From Big Law?

The American Lawyer

What 10 Years of Experience Costs in the Am Law 100 Today

The American Lawyer

Skadden, Wachtell and Goodwin Top First-Half M&A Tables, as Megadeals Rachet Up

The American Lawyer

Which Law Firms Are On Course to be in the Global Elite?

The American Lawyer

Armstrong Teasdale Ex-DEI Leader Sues Firm Over Discrimination, Systematized Racism

The American Lawyer

25 Years of the Am Law 200: Is Size as a Strategy a Winning Formula?

People, Places & Profits, Part III: Are Law Firm Financial Metrics Keeping Pace With Inflationary Growth?

The State of Diversity in Big Law: Get a Sneak Peek on the 2024 Diversity Scorecard Results

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.
75 Ponce De Leon Ave NE Ste 101
Atlanta, GA 30308
(470) 294-1674
www.garymartinhays.com

Law Offices of Mark E. Salomone
2 Oliver St #608
Boston, MA 02109
(857) 444-6468
www.marksalomone.com

Smith & Hassler
1225 N Loop W #525
Houston, TX 77008
(713) 739-1250
www.smithandhassler.com

Presented by BigVoodoo

More From ALM

Generative AI will transform the eDiscovery landscape. However, enterprises must carefully select their partners or risk falling into the many traps of generative AI. Download this brief to learn more.

Will Generative AIs Transform Legal Services? Defensibility and Security Must Be a Focus

Brought to you by HaystackID
Download Now

Discover how in-house counsel can effectively manage employment issues using advanced legal technology. This white paper explores the benefits of handling employment matters internally, reducing costs, and mitigating risks. Learn from survey data and expert insights on improving your legal department's efficiency and protecting your company's reputation.

Good Legal Technology is Good Business: A Case for Bringing Employment Issues In-House

Brought to you by LexisNexis®
Download Now

A new study finds legal departments struggling to manage electronically stored information (ESI), resulting in delays and fines. Download this comprehensive report and discover expert strategies to reduce risks and enhance efficiency.

2024 ESI Risk Management & Litigation Readiness Report

Brought to you by Pagefreezer
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More

Women, Influence & Power in Law US Awards 2024

September 24, 2024
Chicago, IL

Women, Influence & Power in Law Awards honors women lawyers who have made a remarkable difference in the legal profession.

Learn More

Litigation Associate

Skolnick Legal Group, P.C., a construction and commercial litigation firm with offices in New Jersey and New York is seeking a Litigation As...

Apply Now ›

Insurance Coverage Litigation Attorney - New York

Cullen and Dykman is seeking an associate attorney with a minimum of 5+ years in insurance coverage experience as well as risk transfer and ...

Apply Now ›

INSURANCE COVERAGE ASSOCIATE

McCarter & English, LLP is actively seeking a midlevel insurance coverage associate for its Newark, NJ and/or Philadelphia, PA offices. ...

Apply Now ›

Lawyers of Distinction

06/27/2024
The American Lawyer

Professional Announcement

View Announcement ›

SMGQ Law

06/21/2024
Daily Business Review

Full Page Announcement

View Announcement ›

Blume Forte Fried Zerres & Molinari

06/14/2024
New Jersey Law Journal

Professional Announcement

View Announcement ›

What In-House Counsel Are Doing to Prepare for the GDPR

Jennifer Williams-Alvarez

Thank you for sharing!

Privacy Impact Assessments

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

You Might Like

5 Ways to Transform Your Legal Department Into a Vital Business Partner

Tractor Supply Co.'s Stock Takes Hit After Activists Bash Its Embrace of DEI

Microsoft Faces EU Antitrust Charge for First Time in a Decade

Multinationals Face Huge Fines for Supply Chain Breaches Under New EU Directive

Law Firms Mentioned

Featured Firms

More From ALM

Best of

In-House Counsel Technology

Corporate Counsel

Special Coverage

Communities

What In-House Counsel Are Doing to Prepare for the GDPR

Jennifer Williams-Alvarez

Share with Email

Thank you for sharing!

Privacy Impact Assessments

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

You Might Like

5 Ways to Transform Your Legal Department Into a Vital Business Partner

Tractor Supply Co.'s Stock Takes Hit After Activists Bash Its Embrace of DEI

Microsoft Faces EU Antitrust Charge for First Time in a Decade

Multinationals Face Huge Fines for Supply Chain Breaches Under New EU Directive

Law Firms Mentioned

Trending Stories

Featured Firms

More From ALM

Subscribe to Corporate Counsel

Best of

In-House Counsel Technology

Corporate Counsel

Special Coverage

Communities