banner
Resources for Professional Firms
Article

Confused about GDPR? Dive into our Resource Hub

The EU's General Data Protection Regulation applies to any business that collects, records, and stores personal data and undertakes processing activities with this data, and can apply to businesses outside the EU.

Main Image

Keeping you up to date on the latest GDPR developments

Revisit our GDPR Resource Hub on a regular basis to access information on why you need to take note of changing data protection laws, and specifically, the steps you need to take to get ready for GDPR. Our lawyer and accountant members will provide regular updates on developments in their countries and can provide advice on what your business needs to do, wherever you are located in the world. 

Quick summary

The European Union General Data Protection Regulation (referred to as 'GDPR') will be directly applicable in all EU Member States after the transitional implementation period of two years (May 25th 2018). Data protection laws in EU countries are being amended accordingly.

Who does this apply to?

If your organisation or business collects, records, and stores personal data and undertakes processing activities with this data, then you need to be aware of and comply with the new laws. There are also interesting implications for lawyers and accountants in terms of carrying out their everyday client business! 

Does it apply to companies based outside the EU?

The changes also have real implications for companies based outside the EU - Philip McBride, partner at John McKee Solicitors in Belfast, comments: 

"Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR as it applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location."

Conflicts of legal concepts for lawyers and accountants?

Austria lawyer Juergen Brandstaetter questions how carefully GDPR has been considered and whether it presents a conflict of legal concepts for some businesses: 

"Consider a law practice where lawyers are trained on the need to retain client files for a certain time period. Yet under GDPR rules, if a lawyer is required to delete much of this data, how can a proper conflict of interest check take place? The bigger the law firm, the bigger the problem is likely to be."

What will happen if we do not comply?

Companies could be hit hard in the pocket, as Juergen Brandstaetter, Partner at BMA in Vienna, confirms: "The potential imposition of fines of up to Euros 20 million or, in the case of a company, up to 4% of worldwide annual turnover, is probably the biggest threat posed to companies by GDPR."

Are the new laws being enforced yet?

GDPR is already in force in jurisdictions including (but not limited to) the UK and Austria, but will not be enforced until after the end of the transitional implementation period of two years (May 25th 2018). 

What are the next steps?

Companies need to act now to ensure compliance by reviewing their current policies and procedures. Read the articles below for more information: