May 25, 2018. After two years of preparation, organizations around the globe that handle EU data subjects' information must now be compliant with the EU General Data Protection Regulation (GDPR). Many companies have invested an enormous amount of time, effort, and resources into implementing robust compliance programs by today's deadline - the average company expected to spend nearly $1.5 million on GDPR compliance.
The level of effort the GDPR demands means that many companies have struggled to meet this deadline (Gartner predicts that 50% of organizations will not be compliant by the end of this year). And if you did meet today's deadline, you now face the new challenge of maintaining compliance.
The GDPR team here at Focal Point has put together a number of useful resources for those who must comply with the GDPR, particularly for organizations based in the US. Here, we've compiled our most popular GDPR-specific guides, blog posts, webinars, FAQs, and white papers that may help you as you continue to work toward or maintain compliance with this landmark regulation.
If you're interested in what will happen next with the GDPR, these posts are for you:
You've reached the May 25 deadline, but that doesn't mean you get to stop worrying about the GDPR. In fact, today is really just a new starting point. Here's what you need to prepare for next:
You've got your GDPR program in place, but what happens now? Our GDPR experts talk through the shift from GDPR readiness to operationalizing your GDPR program - from performing system-specific assessments to managing data subject requests to preparing for GDPR audits. This is the go-to guide for managing your GDPR program.
The ePrivacy Regulation (ePR) is still in draft, but that doesn't mean you shouldn't start thinking about it now. This regulation has been hotly contested in the EU because it imposes strict requirements on the processing of electronic communications data. We look at the most controversial sections of this proposed regulation and what to do now.
Focal Point has a monthly email newsletter that is dedicated solely to data privacy news and insights - many of which are related to the GDPR. Sign up today to stay up to date on the latest GDPR news.
If you have operations across multiple EU Member States, download these useful guides:
While the GDPR imposes stringent requirements across all EU Member States, it does allow them to derogate from its requirements in a few areas, such as the age of digital consent and penalties for non-compliance. Our guide looks at each Member State's published or proposed derogations and compares them against the GDPR, so you can easily see where they align and differ.
The GDPR defines pseudonymization and addresses anonymization, but some EU Member States have expanded on these definitions, used different terminology, or simply left de-identification unaddressed, posing a challenge to organizations that are trying to meet de-identification requirements across multiple Member States. Our whitepaper walks you through each Member State's rules on de-identification and how they've been affected by the GDPR.
If you're interested in learning more about the global impact of the GDPR, check out these guides:
The GDPR may be the most influential privacy law to date. Its ripple effects have been felt across the globe.
In 2016, the Philippines issued implementing rules and regulations for its Data Privacy Act of 2012, requiring organizations that process Philippine data subjects' information to comply by September 2017. The Act shares many similarities with the GDPR and affects organizations around the globe that have operations in the Philippines.
In May 2017, Japan's amended Act on the Protection of Personal Information (APPI) came fully into force. The amendments were extensive, and many noticed that they shared similarities with the GDPR. In July 2017, Japan and the EU agreed to work together to provide their data subjects with a higher degree of data privacy.
You can't escape the GDPR, even in your favorite vacation spots. Many organizations have operations in Bermuda and the British Virgin Islands, and will need to consider how the GDPR has changed the way they do business in these British Overseas Territories.
If you're struggling with applying the GDPR to business operations, check out these posts:
Under the GDPR, there are six lawful bases for data processing, and every scenario in which your business processes an EU data subject's information must be supported by one of them. These can get quite technical, and it can be difficult to know which basis is most applicable. So we built a series of posts dedicated specifically to understanding the lawful bases for processing under the GDPR.
We recommend you start with 9 Examples of Lawful Basis for Processing under the GDPR. In this post, we link everyday business scenarios to the lawful bases that apply best. It's one of our most popular GDPR posts, and it has a cheat sheet you can download and take with you.
From there, check out our post on meeting GDPR consent requirements. Consent is a very complex lawful basis under the GDPR and managing data subject consent is a big job. Within this post, we provide a handy checklist for meeting the GDPR's consent requirements.
Then, read our post on how you can still market effectively under the GDPR. Because of the GDPR's strict requirements on communicating with EU data subjects, it can feel like marketing will be impossible. But by relying on the lawful bases of consent and legitimate interests, you can still build productive relationships with your clients and prospects.
If you're a little behind on your GDPR compliance program, get started here:
A recent survey found that 96% of companies still don't fully understand the requirements of the GDPR, which doesn't surprise us at all. It's a very complex and far-reaching regulation. Here are a few useful guides for getting started with GDPR compliance.
One of our earliest guides to understanding the GDPR, this whitepaper walks you through what you need to know to get started with GDPR and includes handy charts and checklists.
This is the perfect listening material for your lunch break or commute into work. Learn more about how to build and carry out a successful GDPR implementation plan from our experts who have done this thing one or two times (just kidding - it's way more times than that).
The Questions We Get Asked the Most about GDPR Compliance
This post is a simple FAQ that tackles some big questions about GDPR implementations. From speeding up an implementation to privacy impact assessments, our GDPR experts answer our audience's most burning questions.
This one applies specifically to US-based companies that process EU data subjects' information but have no establishment in the EU. Under Article 27 of the GDPR, these organizations must generally designate an EU Representative who serves as a point of contact between the organization, the EU Data Protection Authorities, and EU data subjects. It's a complex role, but we've got a simple guide to what you need to know.
These guides are all helpful, but we know that sometimes you just need to sit down with an expert and discuss all your questions, concerns, and needs. Focal Point has a whole team of GDPR experts ready to help you with your biggest GDPR challenges, whether you're still in the implementation phase or you're ready to operationalize your program.