Privacy / GDPR

On May 25, 2018, the European General Data Protection Regulation, or GDPR, came into effect. The legislation, which was adopted by all of the EU member states, applies to all personal data belonging to citizens and residents of the European Economic Area and lays out a series of security measures that a company must follow to ensure it is securely protecting personal data. Under the law, all companies possessing any personal data of any European citizens or residents must comply with the GDPR, making it applicable to companies across the globe.

With excessively costly penalties for non-compliance, companies are searching for guidance as to what areas may need improvement and how to become compliant with these new laws. The Norton Law Firm offers a set of packages designed to provide guidance and move companies into compliance with GDPR as quickly and efficiently as possible. The following is a list of the packages we offer; please check with us for current flat-fee pricing for each offering.

Data Privacy Impact Assessment (DPIA)

The Data Privacy Impact Assessment (DPIA) package includes a packet of materials to fill out concerning the organization’s current privacy and security measures. The answers to the questions in this packet will help the attorney assess the client’s overall preparedness and compliance with GDPR. The DPIA package also includes up to an hour of phone time with the attorney to help answer questions regarding the assessment. After the assessment is completed, the client would be provided with a written document outlining the areas of deficiency and the types of changes that would need to be made to come into GDPR compliance.

DPIA & Privacy Policy

The Privacy Policy package would include the initial DPIA and the document outlining any deficiencies, in addition to modifying the client’s Privacy Policy to reflect the client’s actual collection, use, distribution, and destruction/retention of covered information.

DPIA & MTC/MSA+ & Privacy Policy

The Master Terms and Conditions (MTC) package includes the initial DPIA and the document outlining any deficiencies, as well as modifying either a company’s Master Terms and Conditions or its standard Master Services Agreement, along with the associated Order Form or Statement of Work (SOW). The edits to these documents would include all changes necessary to bring the primary contract template for the client into GDPR compliance. This package also includes a Data Privacy Addendum that may be sent to both customers and vendors in order to meet the notification and responsible data handling requirements of the GDPR.

Remediation and Overhaul

(Custom pricing based on client needs)
The Overhaul package includes the above 3 modules in addition to modifications to other documentation as needed. The end result of this package would include updated systems and processes to maintain GDPR compliance, and preparation, if desired, to receive Privacy Shield certification.

The Firm offers annual training regarding GDPR compliance requirements; this training is required by GDPR. It can be combined with other required annual training and customized for the client’s needs.