GDPR Compliance

The European Union’s General Data Protection Regulation (“GDPR”) has far-reaching
implications for international and domestic organizations. As a complicated regulation that
impacts technological, administrative and legal aspects of a business, a multidisciplinary
approach allows XPAN to provide robust guidance in moving toward compliance. XPAN
counsels clients in all facets of GDPR compliance to provide clarity and certainty in data
management within the European Union, and beyond.

GDPR Services

  • GDPR Compliance Assessments
  • Developing administrative records of collecting, processing and storing activities
  • Cross-border data transfer consulting
  • Third-Party Provider Review and Compliance Assessments
  • Governmental agency or supervisory authority privacy compliance investigations
  • Outsourced Data Protection Officer
  • Internal Employee Privacy Training
  • Draft internal and external policies, procedures and guidelines related to privacy
  • Advise early stage and start-up businesses in privacy strategy and implementation
  • Opinion letters

In the increasingly global data economy, data protection regulations are playing a key role in how to create a comprehensive information governance program. The European Union’s General Data Protection Regulation (GDPR) is a leading regulation in data privacy, incorporating fundamental principles and guidance on how to approach this evolving world of data. XPAN’s team provides unique perspectives on the rapidly changing world in our ongoing blog series.

Learn more about the GDPR from our team, produced by Drexel University Online:

Transferring data from Switzerland for eDiscovery purposes in a post-Schrems II world

Michael Simon Introduction: another one bites the dust On September 8, 2020, Adrian Lobsiger, the Swiss Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper that he no longer considers the Swiss US Privacy Shield agreement to be adequate for the purposes of lawfully transferring personal data from Switzerland to the US. […]

Transferring data from the EU for eDiscovery purposes in a post Privacy Shield World

Michael Simon A few weeks ago, I had the privilege of participating in a Masters’ Conference webinar on the topic of how to lawfully transfer EU data to the US after the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield agreement on July 16, 2020. Despite many uncertainties that remain from […]

The CJEU disrupts International Data Transfers, Again

The Court of Justice of the European Union (“ECJ”) released its much anticipated decision on July 16, 2020 regarding the transfer of personal data from the European Union (“EU”) to the United States (“US”). The full decision can be found here; and the ECJ press release can be located here.  The two main holdings of […]

The EU’s GDPR Turns 2!

Today marks the second anniversary of the EU’s General Data Protection Regulation. And, wow, what a two years it has been! Looking back to 2018, I can remember my email being flooded with privacy notice updates to account for the changes under the GDPR. It did cause me to pause at how  many (often too […]

The UK: They left the EU; did your data?

As many of you may know, the United Kingdom officially left the European Union on January 31, 2020, after forty-seven (47) years of membership. What does this mean? Well the short answer is: we do not really know yet.  The UK and the EU are now in a “transition period” that will last until at […]

Blockchain and Data Protection Laws: Can they Co-Exist?

Blockchain is a buzzword in the technology community, promising to combine unforeseen computing power with the corresponding ability to confirm accuracy and legitimacy of transactions. The most common example of blockchain to the common user is cryptocurrency, the most popular of which is Bitcoin (or, at least, one of the most well-known). But, the use […]

The EDPB Offers Guidelines for Lawful Basis of Processing Based on the Necessity for the Performance of a Contract

By Michael A. Shapiro, Esq., CIPP/US/E, attorney with XPAN Law Group. Article 6 of the General Data Protection Regulation (GDPR) requires that processing must be “lawful” on the basis of six specified conditions set forth in Article 6(1)(a) to (f). One of the bases for lawful processing is the “necess[ity] for the performance of a […]

Vendor Risk Management: Playing with Fire and Risking Getting Burned

In 2019, the global average cost of a data breach is $3.92 million; a 1.5 percent increase from the 2018 study. While it is impossible to predict exactly where and when a data breach will occur, the cost associated with the breach of personal data is one no organization can really afford. Over the past […]

The Right to be Forgotten: Search Engines under the Recent CJEU cases

The further we evolve into a post-GDPR world, the more we are starting to see guidance come from a variety of sources. The European Data Protection Board (“EDPB”) continues to provide guidelines to fill in ambiguities in areas of the GDPR that are less clear. In addition, the Court of Justice of the European Union […]

An Active Summer for GDPR: Part II, Video Surveillance Data and the US CLOUD Act

In an effort to make sure everyone is up-to-date on the guidelines, decisions, and other relevant changes in European data protection, XPAN is providing a break down of what you may have missed over those relaxing summer months. Last week (available here), we provided a breakdown of the first of two plenary sessions held by […]