General Data Protection Regulation (GDPR)

The European Union’s General Data Protection Regulation (GDPR) has created a fundamental shift in the way that companies think about collecting, using, storing, and sharing data. The long reach of GDPR has the potential to affect companies on a global scale, no matter where they are located, as the GDPR is designed to follow the data.

Kelley Drye’s attorneys have worked extensively with clients to ensure that they are prepared for the new Regulation. We offer a unique regulatory perspective developed from years of advising companies across many industries on data privacy and protection, marketing, and cybersecurity matters. This broader cross-disciplinary approach facilitates our ability to offer strategies and solutions that meaningfully address compliance objectives while remaining practical.

Our GDPR experience includes broad-based counseling on all aspects of the Regulation, including advice to companies on whether the Regulation applies to a particular business, privacy policy revisions, data processing agreements, a lawful basis analysis, marketing and cookie consents, appointment of a data protection officer, lawful data transfer mechanisms (and corresponding implementation), and data subject requests, among other issues.

We also work closely with clients to perform data mapping across the enterprise to efficiently identify the data collection practices for customer and employee data, including how that data is managed, stored, and transferred within and outside the organization, and throughout the data lifecycle. We use this information to conduct a gap analysis and to develop a prioritized, risk-based plan for addressing obligations. We also assist clients in performing privacy impact assessments and related compliance audits and due diligence reviews. In short, we work with our clients to help design, right-size, and update their GDPR programs so that they are reflective of the latest guidance and industry benchmarks.

Our experience also includes preparing GDPR-oriented policies and procedures, negotiating GDPR contract materials, and handling all aspects of security incident response.

Our clients also appreciate our support and advice in determining whether a regional or global approach to privacy and data protection is optimal, given the nature of their data practices.

Our relevant clients include retailers, publishers, technology providers and platforms, software developers, financial service companies, cloud providers, entertainment companies, among other industries.

Team Members