IAPP’s Privacy Advisor
MoFo’s Alja Poler de Zwart tells you how to calculate your legal response-time deadlines under the GDPR.
The EU General Data Protection Regulation (GDPR) may be more than a year old, but that doesn’t mean privacy professionals have the answers they need to their compliance questions. The handling of individuals’ rights requests is a particularly sensitive area where this rings true.
“Every day counts in these kind of situations,” writes Morrison & Foerster of counsel Alja Poler de Zwart in an article for IAPP’s Privacy Advisor. She cautions that if a company does not comply with the requirements, it “technically risks the highest possible GDPR fine: 20 million euro or 4% of your company’s worldwide turnover.”
Alja shares details and provides examples regarding how to calculate when the GDPR’s “one month upon receipt of the request” deadline starts to run, as well as when it ends, and clarifies the confusion surrounding the requirements. Among other things, Alja advises: “Have a well-working system in place to track the requests you receive. Make sure that the system incorporates considerations on how to calculate the time periods, and train your employees who handle the requests so that they know how to apply these considerations in practice.”