As any lawyer will tell you, a law or regulation is only partially about the words as written; it is only when the law begins to be enforced by regulators and courts that one can truly tell what factors the authorities will consider critical, so we have provided insights from our work with our clients to tell you what they are doing now to prepare for GDPR. If you are outside the norm in your level of preparedness for the GDPR, you are putting your firm at an additional risk.
Finally, if you think you can ignore the GDPR because your company is not incorporated or physically located in the European Union, think again. The GDPR is applicable to any firm which has the PII of any EU citizen and the EU is preparing to enforce the GDPR world wide – particularly against ‘deep pocket’ targets.
