GDPR Compliance

GDPR Compliance

The European Union’s General Data Protection Regulation (“GDPR”) has far reaching
implications for international and domestic organizations. As a complicated regulation that
impacts technological, administrative and legal aspects of a business, a multidisciplinary
approach allows XPAN to provide robust guidance in moving toward compliance. XPAN
counsels clients in all facets of GDPR compliance to provide clarity and certainty data
management within the European Union, and beyond.

GDPR Services

  • GDPR Compliance Assessments
  • Developing administrative records of collecting, processing and storing activities
  • Cross-border data transfer consulting
  • Third-Party Provider Review and Compliance Assessments
  • Governmental agency or supervisory authority privacy compliance investigations
  • Outsourced Data Protection Officer
  • Internal Employee Privacy Training
  • Draft internal and external policies, procedures and guidelines related to privacy
  • Advise early stage and start-up businesses in privacy strategy and implementation
  • Opinion letters

In the increasingly global data economy, data protection regulations are playing a key role in how to create comprehensive information governance program. The European Union’s General Data Protection Regulation (GDPR) is a leading regulation in data privacy, incorporating fundamental principles and guidance on how to approach this evolving world of data. XPAN’s team provides unique perspectives on the rapidly changing world in our on-going blog series.

Learn more about the GDPR from our team, produced by Drexel University Online:

One Ring to Rule Them All

With large cyber breaches like Instagram, Target, and Equifax it isn’t a surprise that the National Association of Insurance Commissioners (NAIC) issued the Data Security Model Law (MDL-668) (the “Model Law”).  The Model Law heavily borrows from the New York Department of Financial Services (NYDFS) cybersecurity regulations that went into effect on March 1, 2017. […]

Look Before You Leap.. Privacy and Security in M&A Transactions

For those of us in the privacy and security area, the European Union’s General Data Protection Regulation (“GDPR“) has dramatically changed the landscape and the platform privacy and security enjoy both domestically and abroad.  The GDPR is driving much of the conversation around privacy and security but we have also seen a renaissance in privacy […]

Google’s First GDPR Appeal: What’s at Stake?

This post is authored by Matt Avellino, a second-year law student at Villanova University’s Charles Widger School of Law. Mr. Avellino is a legal-intern with the XPAN Law Group. Google is gearing up to appeal a €50 million privacy violation resulting from the French data protection agency, CNIL. Although the fine is miniscule when compared […]

Where are we now? Six Months Into the GDPR

On May 25, 2018, the European Union’s General Data Protection Regulation (“GDPR”) went into effect, and largely took the corporate world by surprise. In the ensuing six-plus months, the negative speculation on the impact of the GDPR has run rampant: it will destroy innovation, companies will be put out of business with extraordinary fines — […]

Rebecca Rakoski Periodical on Privacy in 2018 for Policy & Medicine’s Compliance Update

Rebecca L. Rakoski, Esq.’s periodical, ‘A Modern Renaissance Privacy in 2018 and Its Continuing Domestic Evolution,’ has been published in Policy & Medicine‘s Compliance Update.  Below is an excerpt from the article… These days, it seems that nearly every evolved country in the world recently passed a piece of sweeping privacy regulation. In a global […]

A Brief Overview of the EDPB’s Provisional Guidelines on Art. 3 of the GDPR

On November 16, 2018, the European Data Protection Board (“EDPB”) adopted Guidelines 3/2018 on the territorial scope of the GDPR, soliciting public consultation through January 18, 2019. These are not final, but are providing some key guidance on the jurisdictional reach of the GDPR, a critical aspect for many entities. Article 3 of the GDPR […]

First Step of Data Privacy Compliance: Understanding Your Data

By Antonia Dumas, an Associate at XPAN Law Group. If you have been following our blog, we hope you know (and agree) that that data privacy is a priority. The next question is: what can you do for your company? You have recognized the importance of addressing data privacy issues and having been introduced to […]

Lessons from the first GDPR Enforcement Notice

Since the European Union’s General Data Protection Regulation (“GDPR”) went into effect in May of this year, and for months prior to “GDPR Day”, the number one question has been how will the various data protection authorities enforce the GDPR? Will the EU use this new regulation as a hammer? Will there really be fines […]

Restricted Transfer or No Restricted Transfer – That is the Question Here

By Carolin Brucker Cabe, an Associate at XPAN Law Group, LLC. ICO’s latest publication gives rise to speculations regarding international transfers under the GDPR and how they might be handled in the future. This comes at a time when the countdown to Brexit draws closer to completion, but is still “up in the air”. The […]

Privacy is a Blue Chip Investment for Businesses

I recently read an article in the wake of the precipitous drop in Facebook stock, titled: “Facebook ‘puts privacy first’ and stocks plunge 20%”. The title alone was enraging. To suggest that prioritizing privacy can cause Facebook to suffer a devaluation is preposterous and a serious disservice to companies everywhere. But, before the air gets […]