To-Do List for Companies Seeking Compliance with New Data Protection Regulations
As more and more states pass data privacy and protection legislation in an effort to protect consumer data, companies should look inward to determine whether they can meet new state regulations and guidelines, as well as the European Union’s General Data Protection Regulation (GDPR). The following to-do list can help companies quickly get up to speed on the requirements and work toward compliance with new data protection regulations.
Conduct an Audit of the Company’s Current Data Protection Policies and Protocols
How should you protect your organization? In order to prepare for data privacy regulations, companies should conduct an audit of their current data protection systems, policies, protocols, and procedures. Businesses should identify the type of data they manage and determine whether any consumer data is being sent to or received from third parties. Specifically, organizations should understand whether such data is also being further processed or controlled by any third parties.
The type of data and how it is handled by the company and any third parties engaged by the company will determine what practices will be necessary for data protection compliance. Therefore, the audit will help determine what the company needs to do to either get into compliance or stay in compliance with new regulations.
Create New Processes and Procedures to Help Ensure Compliance with New Data Protection Regulations
After a company performs an internal audit, it is important to create formal written policies that serve as a point of reference and guide. It would behoove companies to have these written procedures and guides reviewed by legal counsel experienced in consumer privacy and data regulation laws. Similarly, any new contracts entered into between the company and third parties handling consumer data should be reviewed by legal counsel, especially as all parties struggle to comply with the new data protection laws.
Legal counsel can also assist companies in determining whether anything falls under certain available exemptions, such as service provider exceptions. They can also assist in creating protocols to deal with deletion or opt-out requests. Any online privacy notices and consumer consents that are to be posted on company websites would benefit from a review and revision, if necessary, by counsel experienced in dealing with consumer data regulations and compliance.
Get All Employees to Understand the Company’s Consumer Data Protection Policies
Regardless of whether the company is big or small, companies should focus on making sure all teams in the company, from human resources to legal, from compliance to sales, understand the company’s policies on the protection of consumer data. Companies should also work to ensure that everyone handling private consumer data understands the important definitions of personal, sensitive, private, and consumer data, which may be defined differently under different jurisdictions and different data protection regulations.
Implement Ongoing Training and Learning Sessions
Lastly, training and education of staff is critical. Companies should conduct regular training sessions to help ensure that all staff are educated on the proper procedures the company has in force. Additionally, there should be a point person assigned to work with legal counsel to stay informed of relevant changes in laws or regulations that may affect the company. Staying informed will allow the company to be prepared to make necessary changes to its data protection policies and work to stay in compliance as new regulations take effect.
Seeking Compliance with New Data Protection Regulations Isn’t Impossible
As changes in data privacy laws take effect, there are a few simple steps companies can take to work toward getting into compliance and maintaining it:
Conduct an Audit
Formalize New Policies
Educate Employees
Implement Ongoing Training
About the Firm:
Klemchuk LLP is a litigation, intellectual property, transactional, and international business law firm dedicated to protecting innovation. The firm provides tailored legal solutions to industries including software, technology, retail, real estate, consumer goods, ecommerce, telecommunications, restaurant, energy, media, and professional services. The firm focuses on serving mid-market companies seeking long-term, value-added relationships with a law firm.
The firm publishes Intellectual Property Trends (latest developments in IP law), Conversations with Innovators (interviews with thought leaders), Leaders in Law (insights from law leaders), Culture Counts (thoughts on law firm culture and business), and Legal Insights (in-depth analysis of IP, litigation, and transactional law).