Following the anniversary of GDPR, William Long, Partner & Global Co-Leader of Privacy and Cybersecurity Practice at Sidley Austin and Vishnu Shankar, Associate, Privacy and Cybersecurity Practice at Sidley Austin, investigate the outcomes of the regulation.
Since the European Union’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018, it has had – and will continue to have – a significant impact on how companies do business across the world. In our experience of working with numerous different companies on GDPR compliance efforts, we see the following as being the three key areas of enduring impact for information and compliance professionals:
1. Data privacy and cyber security issues are now unequivocally board-level issues.
The GDPR, as is now well-known, allows privacy regulators in the European Economic Area (EEA) to levy fines of up to the greater of EUR 20m or 4% of annual worldwide gross revenues of the relevant corporate group. And such fines are not in the realm of mere possibility: the French privacy regulator recently levied a 50m fine on Google. We expect that other significant fines are likely to be forthcoming as various ongoing…
