Do I need to comply with GDPR?

The world is getting smaller and the customer base is expanding. Someone in Germany accessed your website and signed up for your newsletter. Does this suddenly require you to spend thousands of dollars getting into compliance with the EU’s new General Data Protection Regulation?

The GDPR is long and sometimes ambiguous, but ultimately it is about being transparent with your clients and customers about the data you collect from them, why you collect it from them, and what their rights are with respect to that data. Even if GDPR hadn’t come into effect, this would be a healthy exercise. But it can have some more impactful consequences too, so we will help identify whether your company is a “controller” or a “processor” of the personal data of subjects who are “in the EU” and what steps to take to comply if compliance is necessary, without unnecessarily making you comply with all 99 regulations if you don’t have to. If your company must appoint a “data protection representative” under Article 27 of the GDPR, we can help you find one most appropriate for a business of your size. We’ll help you develop a robust understanding of your own data protection measures at the same time.

Recent Projects

Consulting with academic organizations with international membership about how comply with the GDPR in Europe while maintaining a database of their members to supply journals and for archival purposes.

Advising a small payment platform developer who is processing information of European customers for online stores based in Europe about Data Protection Agreement.

Giving presentations to the Nashville Technology Center and the Entrepreneur Center about GDPR compliance