Our experienced gdpr compliance consultants are not registered to practice law in foreign jurisdictions and will not provide clients with local jurisdiction legal advice. Instead, we work within your team to assess your organization's GDPR compliance risk and deploy established, recognized, Data Protection "best practices" and compliance tools, in each applicable eu jurisdiction (supplemented by local counsel guidance when necessary to identify jurisdiction-specific gdpr considerations).
In anticipation of the May 2018 deadline for GDPR enforcement, "regulatory" DPO appointments will be available (on a two-year (min.) contract, quarterly retainer, basis), in conjunction with deployment of a strong GDPR compliance program. (Failure to achieve timely GDPR compliance may effectively void the legal protection any of Privacy Shield-qualified transfers.) Because the termination of a DPO will need to be documented and justified based on the GDPR guidelines, careful consideration of the business experience and privacy expertise of the initial DPO appointee will be very important. GDPR Design Group DPO resources will include with sufficient legal and business experience in technology and marketing to apply prudent business judgment in guiding GDPR compliance programs.
Contact: Roger D. Edwards, Esq., M.B.A, Principal Consultant
Privacy Professional Certifications:
** International Association of Privacy Professionals https://iapp.org/
IAPP "Fellow Of Information Privacy" designation (FIP)
CIPP/US (USA), CIPP/E (EU), CIPM (PRIVACY PROGRAM M ANAGER) & CIPT (PRIVACY TECHNOLOGIST)
** IT Governance UK www.itgovernance.co.uk/
Phone: (mobile) 650.380.9887
LEGAL NOTICE: THE GDPR WILL ON MAY 25, 2018 BECOME LAW IN ALL EU JURISDICTIONS. ALTHOUGH THE IDENTICAL LAW WILL BE EFFECTIVE IN EACH EU JURISDICTION, IT WILL BE ENFORCED BY 28 COMPETENT REGULATORS AND THERE CAN BE NO ASSURANCES THAT A COMPLIANCE PROCEDURE SATISFYING ONE EU REGULATOR WILL SUFFICE WHEN EVALUATED BY A DIFFERENT EU REGULATOR. MANY GDPR OBLIGATIONS WILL BE IDENTICAL TO OBLIGATIONS UNDER THE EU DIRECTIVE AND THERE CAN BE NO ASSURANCE THAT THE EXTENT OF A CLIENT'S PAST NON-COMPLIANCE WITH EU DIRECTIVE WILL NOT BE TAKEN INTO ACCOUNT BY AN INDIVIDUAL REGULATOR IN ASSESSING GDPR FINES OR ADMINISTRATIVE ACTIONS. IN ADDITION, THERE IS NO WAY TO PROVIDE ASSURANCES AS TO WHICH SPECIFIC GDPR COMPLIANCE OBLIGATION A PARTICULAR EU REGULATOR MAY CHOOSE TO PRIORITIZE, RANDOMLY QUERY, EXAMINE AND AUDIT OR CHOOSE AS BASIS TO IMPOSE A FINE. FAILURE TO FULLY COMPLY WITH THE GDPR IN ANY RESPECT AS OF MAY 25, 2018, SUBJECTS A PARTY TO IMMEDIATE LIABILITY FOR THE STATED FINES, NOTWITHSTANDING DILIGENT EFFORTS TO ACHIEVE COMPLIANCE. PROGRESS ACHIEVING COMPLIANCE MAY ALSO BE AFFECTED BY THE IMPACT OF A CLIENT'S (I) RESOURCE ALLOCATION DECISIONS, (II) GDPR OBLIGATION PRIORITIZATION DECISIONS, OR (III) UNWARRANTED DELAY IN COMMENCING GDPR COMPLIANCE ACTIVITIES AFTER MAY, 2016. BECAUSE OF THE FOREGOING FACTORS, GDPR DESIGN GROUP AND AFFILIATED CONSULTANTS MAKE NO REPRESENTATIONS AND ACCEPT NO LIABILITY FOR REGULATORY FINES OR CIVIL LIABILITY FOR NON-COMPLIANCE .