GDPR Compliance

GDPR Compliance

The European Union’s General Data Protection Regulation (“GDPR”) has far reaching
implications for international and domestic organizations. As a complicated regulation that
impacts technological, administrative and legal aspects of a business, a multidisciplinary
approach allows XPAN to provide robust guidance in moving toward compliance. XPAN
counsels clients in all facets of GDPR compliance to provide clarity and certainty data
management within the European Union, and beyond.

GDPR Services

  • GDPR Compliance Assessments
  • Developing administrative records of collecting, processing and storing activities
  • Cross-border data transfer consulting
  • Third-Party Provider Review and Compliance Assessments
  • Governmental agency or supervisory authority privacy compliance investigations
  • Outsourced Data Protection Officer
  • Internal Employee Privacy Training
  • Draft internal and external policies, procedures and guidelines related to privacy
  • Advise early stage and start-up businesses in privacy strategy and implementation
  • Opinion letters

In the increasingly global data economy, data protection regulations are playing a key role in how to create comprehensive information governance program. The European Union’s General Data Protection Regulation (GDPR) is a leading regulation in data privacy, incorporating fundamental principles and guidance on how to approach this evolving world of data. XPAN’s team provides unique perspectives on the rapidly changing world in our on-going blog series.

Learn more about the GDPR from our team, produced by Drexel University Online:

First Step of Data Privacy Compliance: Understanding Your Data

By Antonia Dumas, an Associate at XPAN Law Group. If you have been following our blog, we hope you know (and agree) that that data privacy is a priority. The next question is: what can you do for your company? You have recognized the importance of addressing data privacy issues and having been introduced to […]

Lessons from the first GDPR Enforcement Notice

Since the European Union’s General Data Protection Regulation (“GDPR”) went into effect in May of this year, and for months prior to “GDPR Day”, the number one question has been how will the various data protection authorities enforce the GDPR? Will the EU use this new regulation as a hammer? Will there really be fines […]

Restricted Transfer or No Restricted Transfer – That is the Question Here

By Carolin Brucker Cabe, an Associate at XPAN Law Group, LLC. ICO’s latest publication gives rise to speculations regarding international transfers under the GDPR and how they might be handled in the future. This comes at a time when the countdown to Brexit draws closer to completion, but is still “up in the air”. The […]

Privacy is a Blue Chip Investment for Businesses

I recently read an article in the wake of the precipitous drop in Facebook stock, titled: “Facebook ‘puts privacy first’ and stocks plunge 20%”. The title alone was enraging. To suggest that prioritizing privacy can cause Facebook to suffer a devaluation is preposterous and a serious disservice to companies everywhere. But, before the air gets […]

So, it begins: California adopts legislation that reminds many of the GDPR

A common question that we receive at our firm is: will the U.S. adopt legislation similar to the GDPR? And, if yes, what will that look at? Well, let us look into our “magic-8” ball . . . . And, no surprise, it looks like privacy is moving (slowly) across the pond to the US […]

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

This article originally appeared on KuppingerCole Analyst’s Blog on June 26, 2018 and is available in its original here. * * * * * Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before […]

Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16

How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest news, shopping, and friend’s updates all on the same platform — companies are increasingly trying to harness those platforms to drive customers to them.  Even our firm has a Facebook page, a LinkedIn page, and a […]

In case you missed it, the CLOUD Act is now law

In the midst of the Microsoft case, Senators Orrin Hatch (R-Utah), Christopher Coons (D-Del.), Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.), introduced the Clarifying Lawful Overseas Use of Data Act, or “CLOUD Act” in February, to create a framework for law enforcement to access data that is stored overseas.   At the time the CLOUD Act was first introduced, we addressed some of the potential impacts the Cloud Act would have in light of the pending Microsoft case, and the jurisdiction of data generally.  

But, I never gave you my data? The GDPR’s impact on data subject rights

Let us set the scene.  You receive an email: sign-up for LinkedIn! Facebook! Instagram! [Fill in your Service of Choice here.]  And, once you click to create an account, the information is mostly pre-populated: your name, your email address, your current job, your “friends”, your location/region — a number of pieces of information that may have you shaking your head asking:  how did they compile all of this information without my input and without me even knowing it?

The GDPR and Higher Education #4: International Data Transfers

We are concluding our series on the Impact of the European Union’s General Data Protection Regulation (“GDPR”) on Higher Education Institutions located in the United States.  The first post frames the application of the GDPR to higher-education institutions; the second post focuses on the two key roles under the GDPR:  data controllers and data processors; and the third post focuses on data processing and key rights under the GDPR.  This final post in the series discusses the data transfer provisions under the GDPR:  key to US-based institutions that intend to transfer data related to EU data subjects to the United States.