Access our “EU GDPR in 13 Game Changers” Publication here.

On 25 May 2016, the GDPR finally entered into force after years of consulting, drafting and negotiating at various levels.  It will start to apply as of 25 May 2018 giving organisations a limited window to get ready for the new rules.  

The real work starts now

While the EU legislators might be leaning back now with the GDPR officially in force, for private and public sector organisations and data protection regulators the real work only starts now.  The GDPR introduces multiple new rules which will require close consideration and operational changes at various levels.  With its 99 Articles and 173 Recitals, the GDPR is by no means an easy piece of legislation to get one’s head around.  In addition, multiple opening clauses allowing EU Member States to diverge from the GDPR rules will further complicate compliance efforts.

The GDPR game changers

The clock is ticking and organisations would be wise to assess sooner rather than later how the GDPR will affect their business models and data processing practices.  To assist organisations with this process, we at Baker & McKenzie have devised a GDPR Game Plan. We have identified 13 areas of particular interest (the so-called ‘Game Changers’) that organisations need to be aware of and address as a matter of priority.  For each of those Game Changers, we have prepared a detailed analysis summarising what it is about, explaining what it means in terms of data protection compliance and suggesting steps that organisations might want to take to ensure compliance.  We have now published these Game Changer articles in our “EU GDPR in 13 Game Changers” Publication which you may access and download here.

What lies ahead

Needless to say that the GDPR is still in its infancy and raises many questions which cannot be answered with certainty at this point in time.  As much as businesses and other organisations have a lot of work to do, regulators will also need to start rolling up their sleeves.  One of their tasks will be to support organisations by issuing guidance on how they will interpret the GDPR requirements in practice.  Our data protection experts in Europe and beyond will closely monitor regulators for such output, engage in conversations with them, and share their learnings between themselves and with our clients.  We will also share our expertise via b:INFORM and invite you to visit our portal from time to time to learn about the latest GDPR news.

The 13 Game Changers

1.  One Stop Shop
2.  Data Subjects’ Rights
3.  Profiling and Profiling-based Decision Making
4.  Consent
5.  Data Processing Operations
6.  Data Mapping
7.  Data Protection by Design and by Default
8.  Data Protection Impact Assessments
9.  Accountability
10. Data Protection Officer
11.  Cross-Border Data Transfer Rules
12.  Data Breach Notification
13.  Enforcement & Sanctions

Contributor:  Anna von Dietze