Authors
Axel Frhr. von dem Bussche

Dr. Axel Frhr. von dem Bussche, LL.M. (LSE)

Partner

Read More
Paul Voigt

Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More
Authors
Axel Frhr. von dem Bussche

Dr. Axel Frhr. von dem Bussche, LL.M. (LSE)

Partner

Read More
Paul Voigt

Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More

19 August 2020

Data protection compliance – Global project steering

  • Quick Read

In order to keep efforts and costs down, global enterprises often implement "one size fits all" uniform solutions on a worldwide level (eg HR data systems, compliance policies, cyber security, use of centrally provided shared services etc). Due to different legal standards in various countries, such worldwide implementation often leads to frictions regarding local law and culture.

Depending on the specific project, a classification into the following phases may be helpful in rollouts relating to data protection.

Analysis Phase: Shaping the project

  • Collecting relevant facts and shaping the result desired by the client.
  • Allocating involved jurisdictions and local counsels (tailored legal network).
  • Legal analysis: How can the desired global implementation be justified with minimum local alterations (pragmatic business-oriented approach).
  • Shaping uniform paperwork for implementation (global template), including:
    • summary of facts and legal analysis for local counsels
    • questionnaire for local counsels
    • suggestion for a compliant master solution.

Rollout Phase: Collecting "add on" input from local counsels

  • Global rollout of "global template" to local counsels:
    • pragmatic approach – in order to keep costs down, local counsels may only suggest amendments to the global template where strictly required by local laws
    • fixed fee for work of local counsels, where appropriate
    • fixed deadline for work of local counsels, where appropriate.
  • Follow-up communication with local counsels (including follow-up communication) if the desired result was not achieved yet.
  • Summary of local implementation risks/local to-dos.
  • Step plan for implementation, including local to-dos.

Rollout Phase: Collecting "add on" input from local counsels

  • Internal and external steering of implementation requirements.
  • Implementation of local to-dos according to "implementation step plan":
    • local authority filings
    • preparation and conclusion of contracts
    • collection of consent declarations
    • draft of notices to employees and contract partners
    • "shaping" of the implementation according to local requirements/standard.

Please click here to download the article as PDF file.

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Close-Up Of Magnifying Glass
GDPR

GDPR EU-Representative

For companies without EU establishments

5 July 2021
Briefing

by Dr. Axel Frhr. von dem Bussche, LL.M. (LSE) and Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Click here to find out more
paper overload

The new Standard Contractual Clauses – A deeper dive

On 7 June 2021, the European Commission finally published the long-awaited new SCC's

11 June 2021
In-depth analysis

by Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Click here to find out more
Data centre server room

New SCC published today

4 June 2021
Briefing

by Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Click here to find out more