{ Banner Stripe }
News & Alerts
Print PDF

Is Your Business Ready for the GDPR?

April 2018
Stan Sneeringer

On May 25, 2018, the European Union’s General Data Protection Regulation (the “GDPR”) takes effect. The GDPR applies to every business collecting data from, or using data to track individuals residing in, an EU member state — even if that business is not itself located in the EU. The GDPR sets the new standard in data privacy regulation and should be taken seriously by every business with a significant online or e-commerce component.

If the GDPR applies to your business, your existing privacy policy is likely no longer sufficient. Policies drafted to comply with California law — the previous gold standard — are not sufficient and may require substantial revision. Even standard online practices such as using session, tracking and third-party cookies, now require affirmative, informed consent and the opportunity to easily withdraw that consent.

The GDPR’s changes extend beyond privacy policy revisions, however. Subject businesses need to review, update and document their current data storage, retention and backup procedures to minimize their potential liability for future data breaches. A careful review of your business’s contracts with its payment processing, data and web hosting and other data processing vendors is essential.

If you have questions about the GDPR and its application to your business, please contact Stan Sneeringer at 312.261.2238 or at ssneeringer@pedersenhoupt.com for an initial assessment of your business’s needs. Pedersen & Houpt is prepared to bring your business into compliance with the new gold standard in data privacy.