One CLO Tested His Employees' GDPR Knowledge and Was 'Shocked' at What He Found
John Boswell, CLO of SAS Institute Inc. recently told Corporate Counsel about the valuable lessons he's learned since the GDPR became reality.
August 02, 2018 at 12:25 PM
5 minute read
Little more than two months have passed since the General Data Protection Regulation took effect, but the chief legal officer of a worldwide analytics and data management software company has already had some noteworthy surprises.
John Boswell, executive vice president and chief legal officer of the SAS Institute Inc., which is based outside Raleigh, North Carolina, said he spent six years preparing for the arrival of the GDPR, a sprawling new privacy and security law that applies to companies that process the personal data of people living in the European Union.
“It cost us millions of dollars in time and effort and energy,” Boswell said, noting that failure to comply with the new regulations could result in a fine of 4 percent of a company's worldwide revenue. For SAS, which has customers in 147 countries and reported $3.24 billion in revenue last year, such a fine would amount to more than $120 million.
Secret Shoppers
In the weeks after the GDPR was unleashed on May 25, Boswell wanted to test employees' readiness. He asked other lawyers at SAS to have their spouses or assistants call an SAS office and, posing as European citizens, request their personal data under the GDPR.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Trending Stories
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250