The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

For many organizations that are based outside the EU and took the “wait and see” approach, our checklist may come in handy, which gives an illustrative overview of the requirements likely to impact most types of businesses and the practical steps that organizations need to take to meet those requirements.  We also have a chatbot powered by artificial intelligence that helps clients to determine whether the GDPR applies to their business.

Over four years in the making, the EU General Data Protection Regulation (GDPR) was finally published in the EU Official Journal on May 4, 2016, giving a concrete application date. It will apply directly in all EU Member States beginning May 25, 2018. The GDPR will repeal and replace Directive 95/46/EC and its Member State implementing legislation.

Together with the Directive on the Processing of Personal Data for the Purpose of Crime Prevention, the GDPR presents the most ambitious and comprehensive changes to data protection rules around the world in the last 20 years. The final official texts can be found here.

The GDPR rules apply to almost all private sector processing by organizations in the EU or by organizations outside the EU that target EU residents. The export regime will ensure the GDPR’s impact is felt where such organizations transfer personal data to the EU. The maximum fines for non-compliance are the higher of €20 million (approximately $23 million U.S. dollars) and 4% of the organization’s worldwide turnover.

The concept of accountability is at the heart of the GDPR rules: it means that organizations will need to be able to demonstrate that they have analysed the GDPR’s requirements in relation to their processing of personal data and that they have implemented a system or program that allows them to achieve compliance.

To assist our clients with navigating the GDPR’s requirements, we have developed a GDPR Checklist, linked below, and have planned introductory events and master classes to be held via webinar, and in-person in London, Paris, Frankfurt, Munich, and Amsterdam. Registration information may be found below.