Cyber/Data/Privacy

General Data Protection Regulation (GDPR) Resources

In the past several years, privacy regulations in the European Union and the UK have undergone significant changes, which affect companies worldwide. 

The EU’s General Data Protection Regulation (GDPR), which came into force in 2018, impacts not only EU companies but also any company that operates an EU-facing website to market goods or services to EU-based individuals and/or monitors EU-based individuals (e.g., with cookies or other similar technologies).

The EU GDPR’s far-reaching effects on companies with a real-life or online presence in EU have required numerous changes to the way businesses handle personal information. The UK has retained the GDPR and incorporated it into UK law following Brexit.

The EU and UK GDPRs impose significant obligations on businesses, including:

• A strict definition of consent, making it difficult to obtain.
• Requirements around profiling, sensitive data handing, data retention and use, which restrict what companies may do with the data they collect – and how they store and handle it.
• Obligations on and liabilities for data processors.
• Breach notification requirements.
• Sanctions for failure to comply, which could result in fines of up to 4% of annual turnover or 20 million euros/17.5 million pounds (whichever is higher).

EU and UK GDPR compliance encompasses more than having correct policies; for many companies, it may affect business operations and require new technology or changes to configurations of existing technology. Becoming and staying EU and UK GDPR compliant should be a multi-stakeholder process, involving internal company resources across the organization and external advisers.

Cooley has a team of experienced practitioners who understand what it takes to comply with the EU and UK GDPRs in a way that complements your business priorities. If you would like further information on what you should be doing to ensure that you are compliant, please contact us – we are here to help.

Cooley GO

• Introduction to the General Data Protection Regulation
• GDPR – Do I Need Consent to Process Personal Data?
• GDPR – A Guide for Employers

Other resources

• EU GDPR (full text)
• Adopting a Lead Supervisory Authority
• Data Portability
• Data Protection Officers
• GDPR: An Opportunity Ahead?
• Profiling
• Consent

Blog posts

cyber/data/privacy insights

• Cybersecurity in the US
• Cybersecurity in the European Union
• EU AI Act: Does It Affect Your Organization or Not?
• Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA
• ‘Controller,’ ‘Processor’ and ‘Transfer’: Some GDPR Concepts Re-Explained
• Cooley Privacy Talks: Reconciling the GDPR With the Clinical Trial Regulation (CTR)

Videos and webinars

AI Shorts and Talks

• Using Generative AI for Coding? Know Your Risks
• The Brussels Effect: Prepare to Comply With the European AI Act
• US AI Regulation Remains a Moving Target, but Common Themes Emerge
• Three Practical Steps to Prepare for AI Regulation in the Workplace
• A Balancing Act: Pursuing AI Advancement and the Protection of Privacy

Privacy Talks

• CCPA’s Risk Assessments, Cybersecurity Audits and Automated Decision-Making
• A Midyear Update on US State Consumer Privacy Laws