My friend Zack Warren (Editor-in-Chief of Legaltech News) recently wrote at Law.com that “While the maximum penalty of the greater between $20 million or 4 percent of an organization’s annual revenue may not be widely applied, compliance will still be expected for all organizations that touch EU citizens’ data in some way.” The May 14, 2018 article entitled “10 Things You Should Know Before the GDPR Deadline Is Here” included these comments about #9, “But the Work’s Not Done”:

Although many in-house counsel are aware of changes that need to be made, those changes still need to actually be implemented.

An Association of Corporate Counsel report released in early May looked at what still needed to be done.

Some 47 percent of respondents reported that, in order to comply with GDPR, they must change data security standards.

Meanwhile, 45 percent said they must change their breach notification procedures to do so, and 43 percent said they need to modify incident response plans.

This is particularly pressing in the health care and financial services sectors, where a separate April survey found that 7 percent of health care companies said they are unlikely to be fully compliant by the deadline, while 3 percent of financial services companies reported they haven’t even begun the process to do so.

Here are all 10 things you should know:

  1. The Basics
  2. A Legitimate Interest
  3. The Issue of Consent
  4. The Data Protection Officer
  5. Your Employee Data
  6. Ensuring Insurance
  7. Firms Doing Double Duty
  8. ALSPs to the Rescue
  9. But the Work’s Not Done
  10. A Marathon, Not a Sprint

Lots of companies are working hard to be in GDPR compliance, and some are only watching, so it will be interesting to see how GDPR changes the world on May 25!