BLOG

Thoughtful Insights On The World We Live In

security-2168233_1920

Understanding How GDPR Compliance Affects Your Business

On May 28, 2018, the GDPR or General Data Protection Regulations went into effect. GDPR is a legal framework that governs the way companies handle data for those within the European Union (EU). It impacts data privacy law and compliance for companies on other continents who manage customer information from European citizens. Companies across industries must focus on GDPR compliance and take steps to provide disclosures and ensure that EU consumer data is protected. 

What is GDPR?

You can learn more about the ins and outs of GDPR from our post, Introduction of GDPR. In general, GDPR is privacy protection laws that determine how businesses collect, store, and process company data. There is one thing to do before turning to a discussion of the practical impact of GDPR on covered entities. It is essential to understand the contractual provisions that govern the relationship between controllers and processors. Article 4 of the GDPR identifies a:

  • Controller: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.”
  • Processor: is the “natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

These contractual provisions are generally found in a data processing agreement, commonly referred to as a data processing addendum or “DPA.”

GDPR DPA Requirements

Suppose your business processes personal information related to individuals residing in the EU. Or, your business provides such information to any other entity. In either case, you are likely already familiar with the concept of a data privacy agreement. The most fundamental provisions required by GDPR are in Article 28, Section 3 of GDPR. Such section requires “processing by a processor” be “governed by a contract…that sets out the:”

  • subject-matter of the processing;
  • duration of the processing;
  • nature and purpose of the processing;
  • types of personal data subject to processing;
  • categories of data subjects (data subject); and
  • rights and obligations of the controller.

In addition to the above, GDPR sets forth many stipulations applicable to processors, which must be in the relevant agreement or DPA. Such stipulations include that the processor:

  • must act only on the controller’s documented instructions unless required by law;
  • will ensure that individuals processing the controller’s data are subject to an appropriate duty of confidence;
  • must take proper measures to ensure the security of processing;
  • may only engage with a sub-processor with the controller’s prior authorization and according to a written contract containing appropriate protections;
  • must take proper measures to help the controller respond to request from individuals to exercise the rights provided to them under GDPR;
  • take into account the nature of processing and the information available, the processor must assist the controller in meeting its GDPR obligations with the security of processing, notification of personal data breaches, and data protection impact assessments;
  • must delete or return all personal data to the controller upon the termination of the provision of services relating to processing; and
  • will submit to specific audits and inspections.

Ensure GDPR Compliance with Bagchi Law 

Whether your business is a controller entering into a DPA with a processor, or you’re a processor engaging with a sub-processor, it may seem daunting to meet each GDPR requirement. On the flip-side, failure to comply with GDPR can result in significant fines. While GDPR became effective in May 2018, there has been an exponential increase in the number of enforcement actions so it is more important than ever for businesses to focus on compliance.

Schedule a consultation today to learn how the team at Bagchi Law can help you with GDPR compliance

Related

Spotlight on Lucha: A Story of Resilience and Community

n the heart of the South Bronx, a unique wrestling program has given rise to incredible athletes and inspired a compelling documentary, “Lucha.” This film captures the journey of a group of young women who, against all odds, found strength, community, and hope on the wrestling mat. Today, we are excited to share the story behind “Lucha” and its incredible impact on the lives of these young athletes and their community. We sat down with Josh Lee, a wrestling coach and one of the key figures behind this inspiring documentary.

>>

Understanding the FTC’s ban on noncompete clauses and what this means for your business

The Federal Trade Commission (FTC) has recently formalized a rule that will alter the landscape of noncompete clauses in employment…

>>

Corporate Transparency Act: An Essential 2024 Update

The Corporate Transparency Act (CTA) mandates domestic and foreign entities operating in the United States to report key details about their beneficial owners to the Financial Crimes Enforcement Network (FinCEN).…

>>

A Startup Conversation: Jim Roberts on Cultivating Entrepreneurship in Wilmington

Jim Roberts was the Founding Executive Director of the UNCW Center for Innovation and Entrepreneurship incubator and is the founder of the Network for Entrepreneurs in Wilmington (NEW) as well…

>>

Brand Protections and The Importance of A Fanciful Trademark

In the fast-paced and competitive world of business, your brand is everything. It represents your company’s identity, values, and products or services. As a law firm specializing in intellectual property…

>>

Mastering the Art of Handling Negative Online Reviews: Tips and Strategies for Business Owners

If you have been in business for any significant amount of time, you likely have received a negative online review. Depending on where the review is posted, the search engine or website may provide…

>>

THE LATEST

Spotlight on Lucha: A Story of Resilience and Community

n the heart of the South Bronx, a unique wrestling program has given rise to incredible athletes and inspired a compelling documentary, “Lucha.” This film captures the journey of a group of young women who, against all odds, found strength, community, and hope on the wrestling mat. Today, we are excited to share the story behind “Lucha” and its incredible impact on the lives of these young athletes and their community. We sat down with Josh Lee, a wrestling coach and one of the key figures behind this inspiring documentary.

Understanding the FTC’s ban on noncompete clauses and what this means for your business

The Federal Trade Commission (FTC) has recently formalized a rule that will alter the landscape of noncompete clauses in employment…

The Latest on the Corporate Transparency Act

The Corporate Transparency Act (CTA), a pivotal legislation aimed at combating financial crimes by enhancing transparency in business ownership, has…

Contact Us

Let's challenge the default together