Whether you are a B2C or a B2B company, data has become a strategic asset. It is a driver of new business models and business processes and a source of tremendous value. GCs will be instrumental in sponsoring and driving GDPR readiness projects, bringing different specialisms together and becoming data protection diplomats.

Life was easy without the GDPR
Your company’s data will be regulated by the General Data Protection Regulation (the GDPR), which will enter into force on 25 May 2018. GDPR is important for all companies as IT and data are used in every day business. Does your company rely on data for your sales/marketing, R&D, or HR? Then the GDPR is relevant to you.

Life was easy without the GDPR. Under the GDPR, data protection rules have multiplied, they have become stricter and fines are much higher. It is no wonder that companies are struggling to comply with this new regulation, especially now that the deadline is only around the corner! In fact, the GDPR requires an entirely new level of maturity when it comes to IT, IT security, business process management, vendor management and corporate governance. If done properly, your GDPR readiness project will be one of the biggest and multidisciplinary change projects your company will ever undergo.

Business opportunity rather than risk
Rather than ‘risk’, we believe that the real driver behind GDPR readiness is business opportunity. It is a necessary prerequisite for any company with a digital transformation agenda. Ever wondered how IT security could secure your company’s systems if they do not know what systems you have? Ever wondered how your data analysts would do their job if they do not know what data they could use? By investing in GDPR compliance your company will gain control over its IT landscape and data.

The GDPR has a wonderful methodology to this extent:

  • Map your systems and data flows (what kind of personal data we have?)
  • Perform a privacy impact assessment (how do we use personal data?)
  • Implement mitigating measures (how do we treat customers and employees fairly?)
  • Manage and administer risk (how do we deal with residual risks?)
  • Communicate (how do we inform customers and employees about what we do with personal data?)

Build a case 2.0 for strategic data use
All this is taking place in the centre of exponential technological change. Now it’s time to ‘build a case 2.0’ for strategic data use. Raise your level of data compliance in the New Year and sometimes take controlled business risks. Create project groups to integrate the business views. Document carefully why a certain practice is necessary for the business. And last but not least, use your data analysts to show that customers have not objected to the processing, ensure privacy settings have been tested, and show that transparency has been taken into account.

GDPR toolbox: get a headstart
To help you with the above, Allen & Overy has created the ‘GDPR-toolbox’ which contains necessary documentation and guidance to help you to become GDPR compliant. The toolbox even gives you a head start to becoming NIS, MiFiD II, PSD II or ePrivacy compliant. The next frontier of EU data regulation. Please contact us should you require more information.

About the authors:

Wanne Pemmelaar
Wanne specialises in IT and advises clients, including leading ICT suppliers, on data protection law, data security breaches, IT and outsourcing contracts, e-commerce law and intellectual property law. His passion is to assist clients in navigating the legal landscape against the backdrop of exponential data and tech developments. He believes that data are a valuable strategic asset and a driver of new business models and processes. Wanne advised a large number of multinationals with their shift to the cloud and has helped clients set up global data compliance and data security breach programs. He has in-depth knowledge of the privacy and licence aspects of apps marketing, innovative data use (such as profiling) and complex data sharing systems involving numerous parties. In addition, he has assisted clients during various data protection and telecoms investigations and litigation, including providing practical and strategic advice on mitigating measures and dealings with press and other stakeholders.
T: 020 674 1443
E: wanne.pemmelaar@allenovery.com
Elise Troll
Elise specialises in data protection, competition law, general administrative law, telecom and energy. She has experience in advising on commercial contracts, data protection and telecom queries. She has advised several companies regarding privacy requirements for the launch of internet platforms and webshops. Her practice also involves advising and representing companies on topics concerning general administrative law. Furthermore, she advised the national government on the implementation of legislation in the energy sector.  Elise joined Allen & Overy in 2012 after graduating from Leiden University where she specialised in European law.
T: 020 674 1435
E: elise.troll@allenovery.com