Don't Risk a Fine - Know Your Legal Response-Time

IAPP’s Privacy Advisor

08 Oct 2019

MoFo’s Alja Poler de Zwart tells you how to calculate your legal response-time deadlines under the GDPR.

The EU General Data Protection Regulation (GDPR) may be more than a year old, but that doesn’t mean privacy professionals have the answers they need to their compliance questions. The handling of individuals’ rights requests is a particularly sensitive area where this rings true. 

“Every day counts in these kind of situations,” writes Morrison & Foerster of counsel Alja Poler de Zwart in an article for IAPP’s Privacy Advisor. She cautions, that if a company does not comply with the requirements, it “technically risks the highest possible GDPR fine: 20 million euro or 4% of your company’s worldwide turnover.”

Alja shares details and provides examples regarding how to calculate when the GDPR’s “one month upon receipt of the request” deadline starts to run, as well as when it ends, and clarifies the confusion surrounding the requirements. Among other things, Alja advises: “Have a well-working system in place to track the requests you receive. Make sure that the system incorporates considerations on how to calculate the time periods, and train your employees who handle the requests so that they know how to apply these considerations in practice.”



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.