GDPR changes and compliance
How do we know if the GDPR applies to us? If it does, how significant are the potential sanctions, and will they realistically be imposed? We signed up for the EU-US Privacy Shield; is that enough? How can the GDPR reach US companies and enforce its sanctions against them?
The General Data Protection Regulation (GDPR) created a new global and enforceable privacy and security standard. Potential sanctions include fines of up to $28 M or 4% of a company’s annual global turnover. And this time they mean it.
Since 1995, the EU Privacy Directive has provided privacy “guidelines” to the EU, the U.S. and Canada. The Directive lacked binding authority, and the result was that U.S. companies, faced with a data privacy question involving European data, developed the attitude that in the absence of an enforcement history they would not comply with it.
In the wake of a series of international developments and court decisions in the U.S. and E.U., in April 2016 the EU Parliament approved the EU General Data Protection Regulation (GDPR), which governs privacy in the EU and in countries dealing with the EU. The GDPR went into effect on May 25, 2018.
Cook Consulting Group can help you immediately address the basic GDPR requirements, incorporate its strict data protection policies, advise on the new accountability requirements, create the incident response plan mandated by the GDPR and, critically, avoid the ultimate sanction of losing … Including:
- Strict data protection policies.
- Enhanced record-keeping obligations, especially all records of consent received by the ISSCR.
- A mechanism to notify members within 72 hours of a data breach unless the breach is unlikely to impact the rights and freedoms of the individual.
- Requirements for a data protection impact assessment for elevated-risk activities; and
- Requirements for stronger security measures matching the risk of data breach and potential harm to individuals.