New Data Protection Law Going Into Effect On May 25, 2018 – Is Your Organization Ready?

Sunday April 1, 2018 Published in Corporate and Business
Flag USA and Europe isolated on sky background

The European Union’s General Data Protection Regulations (GDPR) take effect on May 25, 2018. GDPR applies to all organizations that collect and process data belonging to EU citizens. This also applies to the United Kingdom post Brexit. It does not matter where in the world the EU citizen may be, if your organization collets the data of an EU citizen, it must be protected. Organizations need to comply whether they have operations or employees in the EU and also if they have a website or app that collects and processes EU citizen data. Penalties for non-compliance are quite severe: If an organization is found to be non-compliant, the fine is the greater of 20 Million Euros or 4% of an enterprise’s worldwide revenue!

Data control and data security go hand in hand and form the basis of the GDPR regulations.

Data Control: To preserve a resident’s privacy, organizations must: (i) only process data for authorized purposes; (ii) ensure that the data is accurate; (iii) minimize the exposure of the individual’s identity; and (iv) implement data security measures.

Data Privacy: To preserve a resident’s privacy, organizations must implement: (i) safeguards to keep data for additional processing; (ii) data protection measures, by default; and (iii) security as a contractual requirement, based on risk assessment and encryption. In addition, a data subject has “the right to be forgotten.”

In other words, an organization cannot keep data indefinitely. GDPR requires organizations to completely erase data from all repositories when: (i) data subjects revoke their consent; (ii) a partner organization requests data deletion; or (iii) a service agreement comes to an end. There are legal exceptions when data cannot be erased, but those exceptions are limited.

As a preliminary matter, it is imperative for any organization to assess the risks to privacy and security and demonstrate that it is in compliance. Organizations are required to: (i) conduct a full risk assessment; (ii) implement measures to ensure and demonstrate compliance; (iii) proactively help third-party customers and partners to comply; and (iv) prove full data control. Further, when a data breach occurs, the compromised organization must: (i) notify the authorities within 72 hours; (ii) describe the consequences of the breach; and (iii) communicate the breach directly to all affected subjects.

The requirements of GDPR are not to be taken lightly. All organizations must now be in a position to address these requirements in order to conduct business with EU citizens. For more information on assistance with this regulation and any other cyber-security and data privacy issues for your organization, please contact Charles “Drew” Hayes at cahayes@wegmanlaw.com.


Wegman Hessler specializes in business law for business leaders, applying legal discipline to solve business problems to help business owners run smarter. For more than 50 years, this Cleveland business law firm provides full-service strategic legal counsel for closely held businesses. Learn more at www.wegmanlaw.com.

Related Stories

Corporate Transparency Act Deemed Unconstitutional by Federal Court in Alabama: What This Means for Your Business


Executive Summary: By Kyle Baird On Friday, March 1, 2024, in the case National Small Business United, d/b/a the National Small Business Association vs. Janet Yellen. U.S. District Court, N.D. of…

Read More
2024 Business Checklist - Wegman Hessler Valore law firm Cleveland Ohio

2024 Guide: Staying on Top of Business Law and Personal Estate Plan Matters


Running a successful company requires more than just doing a good job for your clients and customers. It also requires legal discipline to protect and grow business value. We recently…

Read More

Video: Corporate Transparency Act 2024 – New Reporting Requirements for US-Based Small Businesses and LLCs


The requirements of the Corporate Transparency Act 2024 are now in effect. This webinar provides details on what to expect and what to provide for business owners and leaders. For…

Read More