alerts & publications

One Year Until GDPR Enforcement: Five Steps Companies Should Take Now

O’Melveny partner Kiran Raj, counsel Sara Zdeb, and associate Mallory Jensen co-authored the article “One Year Until GDPR Enforcement: Five Steps Companies Should Take Now” published May 31, 2017, in The Cybersecurity Law Report. The European Union’s General Data Protection Regulation (GDPR) will be enforceable on May 25, 2018, with consequences for global businesses far broader than those of the decades-old European Data Protection Directive it replaces, the authors write. The article provides five key steps companies should consider taking to “ensure compliance with the GDPR’s transformative requirements, avoid significant penalties, and improve their overall data-management practices.”

Formerly the Department of Homeland Security’s highest-ranking attorney focused on cybersecurity and technology, Raj draws on his extensive government and corporate experience to counsel clients on their most critical cybersecurity and privacy issues. Zdeb recently rejoined O’Melveny from the Department of Commerce, where she advised Department leaders on a variety of legal and policy issues with significant impacts on businesses, including cybersecurity, export controls, and international trade and investment. They are both based in O’Melveny’s Washington, DC office. Jensen, who is based in San Francisco, is a highly strategic and skilled litigator specializing in complex civil disputes, regulatory matters, internal investigations, antitrust litigation, data security and privacy matters, and intellectual property disputes.