Fox Rothschild LLP has deployed a new mobile app to assist companies, including franchisors, as they rush to comply with the European Union’s General Data Protection Regulation (GDPR) – a complex set of new data privacy rules with major implications for businesses. The app – GDPR Check – helps businesses catalog their data management practices and policies to determine necessary steps to comply with GDPR when it takes effect in May.
“The pending implementation of GDPR will impact all companies that process or control the personal data of any EU citizen,” said Mark G. McCreary, chief privacy officer at Fox Rothschild and co-creator of GDPR Check. “Every business, regardless of where it is headquartered, will be responsible for complying with these sweeping new data privacy rules when collecting or processing Personal Data,” said Daniel L. Farris, co-chair of Fox’s Technology Group and co-creator of GDPR Check.
Even if a business does not collect personal data from EU citizens, the GDPR requirements apply to that business if it provides services to another business that must comply with GDPR. Failure to comply with the regulations can result in fines of up to €20 million (approx. US$24.7 million) or 4 percent of global annual revenue in the prior year.
GDPR Check maps an organization’s data management practices in 17 areas that are key to determining compliance, including:
- Types of data collected
- Privacy policies (external and internal)
- Data retention
- Breach readiness
The app produces a report for each key area that a company can share with its attorneys and compliance team.
GDPR is intended to protect the rights of EU citizens to control the use of their personal data, including customer data such as birthdates, mailing addresses, IP addresses, product purchases and payment information, as well as supplier data, employee data and “sensitive data” such as health information, race, and sexual orientation.
This is the second app Fox Rothschild has launched in the data privacy space. The firm also maintains Data Breach 411, which provides easy access to applicable state statutes and breach notification rules to enable in-house counsel and compliance professionals, in the midst of a data breach crisis, to quickly identify controlling law and relevant guidance.