Presentation on GDPR to ABIE members by White & Case on 29 March 2018

“Welcome to the ABIE annual spring barbecue”, quipped ABIE President Bernard Tabary, as rain pelted down and guests shook dripping umbrellas.  Although the welcome words were warm, there was nothing light about the evening’s topic: GDPR compliance and its implications for business when it comes into force on May 25.

ABIE’S newest corporate member, international law firm White & Case, hosted the timely event on Thursday, March 29, in their sumptuous Place Vendome headquarters.

Bertrand Liard, White & Case’s Head of Intellectual Property and IT, and Counsel Clara Hainsdorf had meticulously prepared the presentation covering the background and key issues of GDPR.

 “Companies must have the ability to demonstrate compliance.  If not, the penalties are huge” said Clara Hainsdorf.

Fines can amount to 20 million euros, or 4% of total worldwide annual turnover, whichever is the highest.   Small businesses will also be affected.  The loss or theft of a non-encrypted company computer with sensitive date must be reported within 72 hours, or the company will face a fine.

Companies based outside Europe, but operating or interacting in Europe, must also comply with the GDPR regulations.  The new rules call for a general duty to notify any breach of data, and the controller must show that appropriate technical measures had been taken to guarantee a level of security.

Consent to the use of personal data has been made more difficult to secure, and must be separate to acceptation of conditions.

Children’s consent will be also made more difficult to attain.   “Parental authority is required throughout Europe, but the age differs from country to country”, said Bertrand Liard.  “It is up to the provider to put in place preventative measures, and for the appropriate age – if not, face a heavy fine.  The  new rules also underline that consent can be withdrawn when wished.”

Mr Liard stressed the necessity of companies to appoint a Data Protection Officer, but pointed out a Catch 22.    “French universities train just 20 DPOs a year…yet it is estimated the country will need 80,000!”.

Understandably there was much to discuss at the ensuing cocktail party!