In light of the rapidly changing coronavirus (COVID-19) situation, Troutman Sanders and Pepper Hamilton have postponed the effective date of their previously announced merger until July 1, 2020. The new firm – Troutman Pepper – will feature 1,100+ attorneys across 23 U.S. offices. Read more.


GDPR Compliance

LEADERSHIP: Sharon R. Klein

Pepper Hamilton’s Privacy, Security and Data Protection Group is ready to help your company understand its obligations under the GDPR and achieve legal compliance. 

The European Union’s General Data Protection Regulation (GDPR) — the biggest change to EU data security laws in two decades — will take effect on May 25, 2018. U.S.-based companies doing business in the EU, marketing to individuals in the EU, or otherwise using personal data from individuals in the EU may be subject to the law. Companies that do not comply with the GDPR face significant fines and penalties, up to 4 percent of annual revenue or €20 million, whichever is greater.

Pepper Hamilton’s Privacy, Security and Data Protection Group is ready to help your company understand its obligations under the GDPR and achieve legal compliance. We provide counseling on each step of the GDPR readiness process, recommending specific action items that are unique to your company.

We help draft new policies, terms, agreements and consents aligned with the GDPR’s specifications, and ensure your company understands their function and purpose. We have experience in data breach procedures, and can assist in developing a compliant data breach notification and response plan. We also provide guidance on your company’s record-keeping requirements, and share best practices in data privacy and security.

Pepper’s GDPR readiness package provides your company with an assessment of the state of its current level of preparation for the new law, and the steps to take to achieve legal and regulatory compliance. In the course of the assessment, our lawyers work with your entire business, including the general counsel, risk management, IT and privacy/ security personnel to:

  • Determine whether your company might be subject to the GDPR.
  • Assess the nature of the data collected and processed by your business, prioritize it, and help you understand the legal implications involved.
  • Assess the flow of the data (including which third parties have access to it).
  • Provide recommendations and help develop GDPR-compliant enhancements to policies, processes, documentation and procedures, and conduct staff training on the new policies, as well as helping to implement best practices in data privacy and security.
  • Examine your business contracts with customers and third-party data processors to ensure compliance with GDPR specifications.
  • Help your company understand its exposure to data breaches and develop a GDPR-ready response and notification plan. Should a data breach occur, our Rapid Response Team is available to assist immediately.
  • Leverage our relationships with EU counsel and consulting professionals to provide timely, cost-effective compliance solutions.

Data protection laws have changed, so we have revised our Privacy Policy.