Partner Aaron Tantleff discussed the general framework for compliance with the new rules under the GDPR in the CIO Dive
article, “GDPR Is Here: What’s Next?
Many businesses may find themselves on the receiving end of data subject requests. Companies that fall under the scope of GDPR but haven't made any efforts will be easy targets moving forward. Tantleff said that one of the biggest misconceptions many companies have is that GDPR just requires a change in privacy policies and outward-facing documents.
But the reality of compliance is a lot of policy and procedural updates and a deeper understanding of how and why a company processes data. For companies that are not yet compliant but have put effort into having a set of processes put in place and documented data policies, "While it's not perfect, it's ok," Tantleff said.