For the past few months, lawyer Robert Bond has been getting around six new enquiries a day from European companies wanting advice on how to comply with the new EU data rules that come into force in exactly a month's time, on May 25. The General Data Protection Regulation (GDPR) means that businesses will need to be much clearer about the information they hold on people and give them more control over it (see summary of consumers' rights below).
But more recently, Bond, a partner at London law firm Bristows, has been waking up to enquiries from the other side of the Atlantic. "Already this morning, there's been three overnight from the U.S., saying we don't have anything in place but we've realized this applies to us, do you have a quick fix solution? I think there's an awful lot of businesses out there, particularly outside the EU, that have suddenly realized the extra territorial nature (of the regulations) and that's come as quite a shock. They are assuming it's a tick the box exercise, which of course it isn't."