On May 25, 2018 a new regulation took effect in the European Union (“EU”) called the General Data Protection Regulation (“GDPR”). GDPR regulates how companies can process, collect, store, transfer, and/or use personal data from individuals in the EU. Consumers want to know what data is being collected and shared, as well as understand how it is being used. GDPR applies to all companies that process, collect, store, transfer, and/or use personal data, regardless of where the company is located. Personal data is broadly defined as information related to a natural person or “data subject” that can be used to directly or indirectly to identify the person. It can be anything from a name, an email address, or bank details, to posts on social networking websites, a photo, cookies, or a computer IP address.
GDPR requires that companies that do have access to such personal data implement certain security, information, and data protection protocols. Companies are also required to notify consumers and obtain consents related to the collection and use of such personal data and allow for an easy way for the individuals to revoke their consent. In addition, if others have access to the personal data provided to the company during the course of business, then it is important to hold those parties to the same standards required by GDPR, the extent of the obligations depending on whether the access consists of controlling, processing, or simply accessing the personal data.
The consequences for noncompliance are hefty: the greater sum of €20 million or 4% of a company’s annual earnings. Therefore, it’s important to assess what personal data your company has access to and how it uses it to ensure you’re in compliance. Although the burden of ensuring you’re in compliance might be costly and time-consuming, it will be much costlier and more time-consuming should you not be in compliance and get penalized or face a lawsuit.
Tricia Meyer is Founder + Managing Attorney of Meyer Law, one of the fastest growing law firms in the United States. Meyer helps entrepreneurs and technology companies from startups to large corporations with day-to-day matters and notable clients include companies that have appeared on Shark Tank to companies gracing the Inc. 500 to some of the largest companies in the world.
Tricia has been named on the Forbes Next 1000 list, is one of the Most Influential Female Lawyers in Chicago according to Crain’s Chicago Business and been recognized as a top 10 technology lawyer.
As an entrepreneur and a lawyer, Meyer has a unique perspective and has mentored thousands of startups and scaling companies at tech incubators and accelerators across the United States such as 1871, WeWork Labs and Techstars. Tricia has been featured in Inc., Crain’s, Chicago Tribune, NBC Chicago, American Express OPEN Forum, and more. Learn more at www.MeetMeyerLaw.com and follow Meyer Law’s story on Instagram @loveyourlawyer.