Companies not preparing for significantly stricter data protection regulations that take effect in May across the European Union are sticking their heads in the sand, McGuireWoods London senior associate Andrea Ward warned in a speech at the GDPR Summit in London.
“You need to be wary about consent,” she said in an Oct. 9 presentation at the conference, which focused on the EU’s General Data Protection Regulation. Her address was covered in an Oct. 9 article by Fresh Business Thinking, an online news source tailored for business owners, directors and entrepreneurs.
The GDPR, which compels businesses to protect the privacy and personal data of EU citizens for transactions within EU member states, imposes crippling fines as high as €20 million (currently $23.6 million U.S.) or 4 percent of turnover, she noted.
The new data protection regimen won’t apply exclusively to EU-based businesses, Ward said, explaining that it affects any company that processes data belonging to data subjects in the EU “by a controller or processor not established in the Union.”