Publications & Podcasts

Ready or Not...the GDPR Effective Date is Here

May 24, 2018 Alerts and Newsletters

Now that May 25th, the long awaited effective date of the European Union ("EU") General Data Protection Regulation (Regulation 2016/679) ("GDPR"), has arrived, many companies are realizing that they have more work to do to become fully compliant with its far ranging and complex requirements. According to one report, 52% of companies expect to be compliant as of the GDPR's effective date, 40% expect to be compliant after the effective date, and 8% do not know when they will achieve compliance.i Despite the large percentage of companies that will not be fully compliant, EU data protection authorities have made it clear that there will be no grace period. As Helen Dixon, Ireland's Data Protection Commissioner, acknowledged to Bloomberg Law, however, "if companies get the basics right in the GDPR, they are off to a good start."ii For companies that are not fully compliant, it is not too late to take steps to achieve compliance. Here are a few key areas of focus for every company:

First, determine whether the GDPR applies to your company. The GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU. While many U.S. companies do not have an establishment in the EU, the GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: 1) offering goods or services to such data subjects in the EU (regardless of payment from the data subject) or 2) monitoring the behavior of the data subjects if the behavior takes place in the EU. Second, identify the types of data processing activities that your company undertakes that may trigger the GDPR. Companies must understand how they are collecting and processing personal data in order to demonstrate compliance. Third, companies must ascertain and be transparent with data subjects about their processing activities. Finally, companies should focus on their ability to honor individual data subjects' rights, including the right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, and rights related to automated decision making and profiling. Dixon noted that when organizations fail to honor the enumerated rights that the GDPR gives every data subject, higher fines should be expected.

Verrill Dana has been counseling U.S. companies on EU data protection laws (including the EU Data Protection Directive, which preceded the GDPR) for many years, and we are currently assisting various clients with their GDPR compliance efforts. Now that the effective date has arrived, it is important that companies do not delay their efforts toward GDPR compliance. Please feel free to contact one of our GDPR attorneys to assist your company with any remaining work your company needs to undertake to become fully compliant and avoid the specter of stiff penalties under the GDPR (up to $20 million EUR or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher).


i "The Race to GDPR: A Study of Companies in the United States & Europe." McDermott Will & Emery LLP and Ponemon Institute LLC, Apr. 2018. Available at
ii Dixon, Helen, and Daniel R. Stoller. "EU Officials: Stick to Basics to Prep for New Privacy Regime." Bloomberg BNA Privacy & Security Law Report, 2 Apr. 2018. Bloomberg Law, Accessed 24 May 2018.
This communication is intended for general information purposes and as a service to clients and friends of Verrill Dana, LLP. This publication, which may be considered advertising under the ethical rules of certain jurisdictions, should not be construed as legal advice or a legal opinion on any specific facts or circumstances, nor does it create attorney-client privilege.

Firm Highlights


Connecticut Supreme Court Rejects Tough Delaware Standard in Allowing Member Inspections of Manager-Managed LLC Books and Records – Or Does It?

Before allowing the inspection of corporate books and records, Delaware courts require a shareholder seeking information about possible mismanagement to come forward with evidence demonstrating a reasonable basis to suspect mismanagement. [1] In Benjamin...


2021 Year End Employee Benefit Plan Amendments

Health and Welfare Plans Employers that made available COVID-19 relief and benefit enhancements in 2020 – such as the increased carry over limit and extended grace period for health flexible spending accounts – need...


Trademark Litigation: Software

Represented trademark owner in litigation with foreign software company. Successfully defeated motion to dismiss on jurisdictional grounds, which was affirmed on appeal. Also successfully defeated summary judgment motion, which resulted in case settling before...


Andrew Nevas appears before Connecticut Supreme Court regarding COVID rent dispute


Maine Rural Water Association Annual Conference with Verrill Attorney Mathew J. Todaro

Verrill Attorney Mathew J. Todaro, along with two others, will be presenting at the Maine Rural Water Association’s 41 st Annual Conference and Trade Show. Their presentation, “PFAS and Practicality Regulatory Updates with a...


Maine Rural Water Association Annual Conference

On Wednesday, December 8th from 12:40PM to 2:10PM Verrill Attorney Mathew Todaro will be speaking at the Maine Rural Water Association's 41st Annual Conference. Mat and two other speakers will be presenting "PFAS and...


Copyright Litigation: Software

Defended equipment manufacturer in copyright dispute involving firmware for digital subscriber line access multiplexers (“DSLAMs”). Case resolved favorably.


High-Profile Former U.S. Department of Justice Prosecutor, David Lazarus, Joins Verrill’s Health Care and Life Sciences Practice

(November 29, 2021) – Verrill is pleased to welcome David Lazarus to the firm’s Boston office as a Partner in its nationally recognized Health Care & Life Sciences Group. Lazarus is a former Department...


Medicare's Future: Improving Health Equity and Implications for Employers

On Wednesday, December 15th at 2 pm join the National Academy of Social Insurance , Verrill , the New England Council , and the Massachusetts Hospital Association for a virtual discussion on the future...


Incidental Take of Migratory Birds Prohibited Once Again as New MBTA Rule Becomes Effective

A U.S. Fish and Wildlife Service (“FWS”) final rule that presumptively reinstates liability for incidental take under the Migratory Bird Treaty Act (“MBTA”) becomes effective on December 3. The new rule revokes a Trump-era...

Contact Verrill at (855) 307 0700