Businesses Scramble to Comply with GDPR

On May 25, 2018 a new regulation took effect in the European Union (“EU”) called the General Data Protection Regulation (“GDPR”). GDPR regulates how companies can process, collect, store, transfer, and/or use personal data from individuals in the EU. Consumers want to know what data is being collected and shared, as well as understand how it is being used. GDPR applies to all companies that process, collect, store, transfer, and/or use personal data, regardless of where the company is located. Personal data is broadly defined as information related to a natural person or “data subject” that can be used to directly or indirectly to identify the person. It can be anything from a name, an email address, or bank details, to posts on social networking websites, a photo, cookies, or a computer IP address.

GDPR requires that companies that do have access to such personal data implement certain security, information, and data protection protocols. Companies are also required to notify consumers and obtain consents related to the collection and use of such personal data and allow for an easy way for the individuals to revoke their consent. In addition, if others have access to the personal data provided to the company during the course of business, then it is important to hold those parties to the same standards required by GDPR, the extent of the obligations depending on whether the access consists of controlling, processing, or simply accessing the personal data.

The consequences for noncompliance are hefty: the greater sum of €20 million or 4% of a company’s annual earnings. Therefore, it’s important to assess what personal data your company has access to and how it uses it to ensure you’re in compliance. Although the burden of ensuring you’re in compliance might be costly and time-consuming, it will be much costlier and more time-consuming should you not be in compliance and get penalized or face a lawsuit.

Tricia Meyer is founder + managing attorney of Meyer Law, a woman-owned, forward-thinking boutique law firm specializing in helping entrepreneurs and technology companies from startups to fortune 500’s with corporate, contracts, employment, intellectual property, and fundraising matters. Tricia has been named one of the Most Influential Female Lawyers in Chicago by Crain’s Chicago Business, has received several awards, and been recognized as one of the ten top technology lawyers. As an entrepreneur and a lawyer, Meyer has a unique perspective and is a mentor at tech incubators and accelerators across the United States. Learn more at and follow us on Twitter @thetriciameyer or @loveyourlawfirm.