GDPR Compliance

GDPR Compliance

The European Union’s General Data Protection Regulation (“GDPR”) has far reaching
implications for international and domestic organizations. As a complicated regulation that
impacts technological, administrative and legal aspects of a business, a multidisciplinary
approach allows XPAN to provide robust guidance in moving toward compliance. XPAN
counsels clients in all facets of GDPR compliance to provide clarity and certainty data
management within the European Union, and beyond.

GDPR Services

  • GDPR Compliance Assessments
  • Developing administrative records of collecting, processing and storing activities
  • Cross-border data transfer consulting
  • Third-Party Provider Review and Compliance Assessments
  • Governmental agency or supervisory authority privacy compliance investigations
  • Outsourced Data Protection Officer
  • Internal Employee Privacy Training
  • Draft internal and external policies, procedures and guidelines related to privacy
  • Advise early stage and start-up businesses in privacy strategy and implementation
  • Opinion letters

In the increasingly global data economy, data protection regulations are playing a key role in how to create comprehensive information governance program. The European Union’s General Data Protection Regulation (GDPR) is a leading regulation in data privacy, incorporating fundamental principles and guidance on how to approach this evolving world of data. XPAN’s team provides unique perspectives on the rapidly changing world in our on-going blog series.

Learn more about the GDPR from our team, produced by Drexel University Online:

Where are we now? Six Months Into the GDPR

On May 25, 2018, the European Union’s General Data Protection Regulation (“GDPR”) went into effect, and largely took the corporate world by surprise. In the ensuing six-plus months, the negative speculation on the impact of the GDPR has run rampant: it will destroy innovation, companies will be put out of business with extraordinary fines — […]

Rebecca Rakoski Periodical on Privacy in 2018 for Policy & Medicine’s Compliance Update

Rebecca L. Rakoski, Esq.’s periodical, ‘A Modern Renaissance Privacy in 2018 and Its Continuing Domestic Evolution,’ has been published in Policy & Medicine‘s Compliance Update.  Below is an excerpt from the article… These days, it seems that nearly every evolved country in the world recently passed a piece of sweeping privacy regulation. In a global […]

A Brief Overview of the EDPB’s Provisional Guidelines on Art. 3 of the GDPR

On November 16, 2018, the European Data Protection Board (“EDPB”) adopted Guidelines 3/2018 on the territorial scope of the GDPR, soliciting public consultation through January 18, 2019. These are not final, but are providing some key guidance on the jurisdictional reach of the GDPR, a critical aspect for many entities. Article 3 of the GDPR […]

First Step of Data Privacy Compliance: Understanding Your Data

By Antonia Dumas, an Associate at XPAN Law Group. If you have been following our blog, we hope you know (and agree) that that data privacy is a priority. The next question is: what can you do for your company? You have recognized the importance of addressing data privacy issues and having been introduced to […]

Lessons from the first GDPR Enforcement Notice

Since the European Union’s General Data Protection Regulation (“GDPR”) went into effect in May of this year, and for months prior to “GDPR Day”, the number one question has been how will the various data protection authorities enforce the GDPR? Will the EU use this new regulation as a hammer? Will there really be fines […]

Restricted Transfer or No Restricted Transfer – That is the Question Here

By Carolin Brucker Cabe, an Associate at XPAN Law Group, LLC. ICO’s latest publication gives rise to speculations regarding international transfers under the GDPR and how they might be handled in the future. This comes at a time when the countdown to Brexit draws closer to completion, but is still “up in the air”. The […]

Privacy is a Blue Chip Investment for Businesses

I recently read an article in the wake of the precipitous drop in Facebook stock, titled: “Facebook ‘puts privacy first’ and stocks plunge 20%”. The title alone was enraging. To suggest that prioritizing privacy can cause Facebook to suffer a devaluation is preposterous and a serious disservice to companies everywhere. But, before the air gets […]

So, it begins: California adopts legislation that reminds many of the GDPR

A common question that we receive at our firm is: will the U.S. adopt legislation similar to the GDPR? And, if yes, what will that look at? Well, let us look into our “magic-8” ball . . . . And, no surprise, it looks like privacy is moving (slowly) across the pond to the US […]

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

This article originally appeared on KuppingerCole Analyst’s Blog on June 26, 2018 and is available in its original here. * * * * * Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before […]

Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16

How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest news, shopping, and friend’s updates all on the same platform — companies are increasingly trying to harness those platforms to drive customers to them.  Even our firm has a Facebook page, a LinkedIn page, and a […]