Cyber/Data/Privacy
General Data Protection Regulation – GDPR
New privacy laws are now in force which impact companies in the EU and those outside the EU that operate EU-facing websites to market goods or services to EU-based individuals and/or monitor EU-based individuals, e.g., with cookies or other similar technologies. The changes are far-reaching and may require numerous amendments to the way affected businesses handle personal information.
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. The GDPR has placed increased obligations on businesses including:
- a stricter definition of consent, making it harder to obtain, particularly for those companies with EU-based employees
- new laws on profiling, sensitive data handling, data retention and use, which will restrict what companies may do with the data they collect and how they store and handle it
- new obligations on and liabilities for data processors
- new breach notification requirements
- increased sanctions for failure to comply, which could result in fines of up to 4% of annual turnover or €20 million (whichever is higher).
The GDPR may require not only changes in business operations and new technology but also changes to configurations of existing technology. Becoming GDPR-compliant and maintaining GDPR compliance needs to be a multi-stakeholder process, involving both internal company resources across the organization and external advisers. We can help you be GDPR-compliant. We have a team of experienced practitioners who have worked towards compliance with numerous organizations in many sectors. If you would like further information on what you should be doing to become GDPR-compliant, please contact us – we are here to help.
Resources
- GDPR (full text)
- Adopting a Lead Supervisory Authority
- Data Portability
- Data Protection Officers
- GDPR: An opportunity ahead?
- Profiling
- Consent
- Consent (Working Committee, December, 2017)
- Cooley GO
- Flowchart – Does GDPR Apply
Thought Leadership
- "GDPR Series: Creating and Reviewing Data Protection Policies Part 1 – Internal Facing Policies" – Privacy & Data Protection Journal
- "Employee 'Consent' Under the GDPR" – Thomson Reuters
- "Blockchain Technology May Not be the Best Solution for GDPR Compliance" – CSO
Client alerts
- A Dark Time for Data: WHOIS Blackout Period Likely Starting in May
- GDPR: Guidance on Consent Requirements
- GDPR: Ready or Not, Here It Comes…
- GDPR – Do I Need Consent to Process Personal Data?
- GDPR for Employers
- Introduction to Europe’s General Data Protection Regulation
- EU Privacy Q&A – Network and Information Security Directive
- Brexit + Cybersecurity: What You Need to Know
- Brexit + Privacy: What You Need to Know
- Preparing for the GDPR: Advice for Employers
- At Last, Some Real EU Data Protection News: A Welcome Holiday Gift?
Webinars
- GDPR: What you need to know
- GDPR: What you need to know as a venture fund
- GDPR: What you need to know as a life sciences company
- GDPR: What you need to know as an edtech or education driven company or institution