Risk & Insurance quoted Fox Partner Odia Kagan in an article on on preparing for year two of GDPR.

“GDPR compliance isn’t something that is a snapshot in time, it’s an ongoing process, a ‘chronic condition’ for the skeptics or a ‘healthy routine’ for the advocates… Companies need to complete setting up their key compliance mechanisms and then reassess and tweak and implement each time a new process, new product or new service provider starts up.”

“The toughest compliance issue is to accomplish the shift in thinking with respect to how one needs to handle the information, explaining that understanding the information beyond SSN and driver’s license or bank account information not only is important, but it’s also important where you get your information, what people think you will do with it, etc.”

“In any event, it is important to do something, be on the path, rather than be daunted into inaction…For example, do a risk assessment, then devise and plan and start executing on it. This will be taken into consideration by regulators if it ever comes up.”

Read the full article in Risk & Insurance.