The General Data Protection Regulation (“GDPR”) can be a complex regulation for businesses—large and small. GDPR is a European Union (“EU”) law, but it applies outside of the EU because it applies to businesses and nonprofits processing personal data of persons who reside in the EU. We have assisted businesses, including non-profits, and individuals whose data have been compromised, identify the scope of GDPR, the category of data that require protection, the category of data that require heightened protection, exemptions that may apply, among other issues.

We have also helped companies establish processes and procedures to comply with GDPR. For example, Williams LLP helped businesses identify the qualifications of a Data Protection Officer (“DPO”), crafted language for personal data breach notification policy, created compliance protocol for erasing data, created policy around storage period, created policies around the consequences of a data breach. Williams LLP has helped individuals in vindicating their rights where their data has been compromised; and we have helped companies implement and comply with GDPR.