Yes, it is true – today is the 25 May, 2018, meaning that we are now living in a new privacy world. But is that really the case? Does everything change from today on? Let’s wait and see….
Yes, we have heard a lot about the new regulation; new accountability requirements, increased documentation obligations, severe fines for non-compliance, more transparency requirements (information is the key!), stronger rights for data subjects etc etc….
Despite of all this information, it seems to be quite difficult to understand what the requirements really are and whether your company needs to comply with everything which is stipulated in the GDPR.
How do I comply with the GDPR?
I don’t store any customer data – Does that mean I don’t have to care about the GDPR? Or do I now have to ask for consent to store employee data? What about cookies? Do I really need to ask for an opt-in for every cookie set on my website? And why is everyone sending out those new privacy policies?
Well, those kinds of questions are just an extract of the issues we dealt with in those last months. It shows that there is a lot of uncertainty and concerns about the GDPR. Unfortunately, there are so many “experts” everywhere (especially in the social media) who are not really helping in making things easier for everyone…
Small companies are worried
The problem is that the new requirements are not only applicable for the big companies and corporate groups – also small and medium-sized companies need to comply with the GDPR. Some of those cannot afford to pay lawyers who could support them with the GDPR-implementation and are therefore worried… The fines which can lead up to 20 million Euro or 4 % of the annual turnover of a company are severe and could ruin a small company. Thus, some companies even decided to stop parts of their business because they were afraid to not be able to comply with the GDPR.
And the member states?
To make everything even more complicated, the EU member states have to pass national implementing legislation. However, an overview of Latham Watkins shows that just a few have already done so…
In sum: It’s GDPR day (yes, it really is), and we are waiting curiously what’s going to happen next…