GDPR Compliance

The European Union’s General Data Protection Regulation (“GDPR”) has far-reaching
implications for international and domestic organizations. As a complicated regulation that
impacts technological, administrative and legal aspects of a business, a multidisciplinary
approach allows XPAN to provide robust guidance in moving toward compliance. XPAN
counsels clients in all facets of GDPR compliance to provide clarity and certainty in data
management within the European Union, and beyond.

GDPR Services

  • GDPR Compliance Assessments
  • Developing administrative records of collecting, processing and storing activities
  • Cross-border data transfer consulting
  • Third-Party Provider Review and Compliance Assessments
  • Governmental agency or supervisory authority privacy compliance investigations
  • Outsourced Data Protection Officer
  • Internal Employee Privacy Training
  • Draft internal and external policies, procedures and guidelines related to privacy
  • Advise early stage and start-up businesses in privacy strategy and implementation
  • Opinion letters

In the increasingly global data economy, data protection regulations are playing a key role in how to create a comprehensive information governance program. The European Union’s General Data Protection Regulation (GDPR) is a leading regulation in data privacy, incorporating fundamental principles and guidance on how to approach this evolving world of data. XPAN’s team provides unique perspectives on the rapidly changing world in our ongoing blog series.

Learn more about the GDPR from our team, produced by Drexel University Online:

Biometric Data under the GDPR

With the launch of the iPhone X, the debate around using biometric data as an authentication method has become mainstream.  To recap, the iPhone X is making thumbprint access to a mobile device a thing of the past:  now, all you need is your face (and, of course, the iPhone X).  While thumbprint access has become standard in most mobile devices, the use of facial recognition is new for most consumers.

Sticking Your Head in the Sand: How NOT to Approach the GDPR

In speaking with entities, of all sizes and all industries, we are often confronted with the same series of questions over and over again regarding the EU’s General Data Protection Regulation (“GDPR”):  why do I need to comply?  Is the EU really going to enforce this?  What are the odds (as if we have a Magic 8-Ball) that the EU will actually sanction me?  That is in essence like saying: what are the odds I will be hit by a car?  I don’t know, but I still look both ways before crossing the street and I have insurance because I don’t want to risk it.  The doubters, the deniers, the wait-and-see’ers;  these are the entities that will get hit by the GDPR.  They hope that the GDPR will not be as extensive, or as intrusive, or as devastating as privacy experts are saying and while we don’t have a Magic 8-Ball, the response we give these naysayers is, “All signs point to Yes!”.

Introduction to the GDPR Series

Welcome to the “Are You Ready? The GDPR and What You Need to Know” Series.  Over the next 11 months, we will explore the various articles of the General Data Protection Regulation (“GDPR”), adopted by the European Union (“EU”) in May 2016 and set to take effect in May 2018.