
GDPR Explained - A Quick Guide for US Businesses

The US has many different privacy laws. But now there is another law to wade through: GDPR. Although the GDPR mainly affects those living within the European Union (EU), it is important that US businesses pay attention too.

Published in: Law

  1. A Quick Guide for U.S. Businesses. This article does not constitute legal advice and is intended for informational purposes only.
  2. The General Data Protection Regulation (“GDPR”) is a legal framework that sets new standards for the collection, storage, and processing of personal data of citizens of the European Union (“EU”). Enacted in May 2018, GDPR has had far-reaching implications for how companies handle consumer privacy. GDPR applies to a broad array of personal data, including a person’s name, email address, and phone number, but also less obvious information such as customer IDs and IP addresses. The purpose of GDPR is to give EU citizens the right to access and control their personal data, and it is intended to protect EU citizens from privacy and data breaches.
  3. Although the GDPR mainly affects those living within the European Union (EU), businesses do not have to be based in the EU to be bound by the GDPR. GDPR applies to U.S. companies that provide goods or services to EU citizens or monitor their behavior (for instance, by using cookies or similar tracking technologies). Thus, if you collect personal data or behavioral information from an individual in an EU country, whether that individual is a customer or your own employee, your company is subject to the requirements of the GDPR.
  4. It is important that U.S. businesses determine whether the GDPR applies to them in order to ensure compliance with GDPR, because the penalties for failing to comply can be severe. Companies found to violate the GDPR can face eye-watering fines. The maximum fine for a violation is 20 million euros or 4% of a company’s annual global revenue from the prior year, whichever is higher.
  6. By inventorying and mapping your data holdings you will develop a solid understanding of the array of personal data you are responsible for safeguarding. Updating your privacy notices to comply with the GDPR’s enhanced transparency requirements will force you to review your public-facing privacy policies and other online notices to ensure they are up-to-date and accurate. Benchmarking your existing policies against the GDPR will help you identify gaps and inconsistencies in your current approach. Although cumbersome, launching a GDPR compliance effort will help get your company’s privacy and security affairs in order.
  7. GDPR provides exceptions to many of the most burdensome provisions of the regulation when steps are taken to de-identify personal data. For instance, companies may not be required to provide breach notification to individuals if the data that was compromised had been properly anonymized. By using anonymization or pseudonymization techniques, companies can also give themselves more flexibility in how they process data. Anonymization and pseudonymization can significantly reduce GDPR compliance burdens.
  8. In addition to EU regulators, individuals have a “right to an effective judicial remedy,” including monetary damages, for violations of the GDPR. This right can be exercised by nonprofit organizations on individuals’ behalf. Thus, US businesses should be aware that privacy and consumer organizations are likely on the lookout for indications of basic failures to comply with the GDPR. Preparation is key to avoiding becoming an early target for one of these class-action style forms of litigation. This is particularly important because courts will be considering many of these issues for the first time, so early judicial outcomes are hard to predict. Nonprofits can enforce the GDPR on behalf of consumers and have greater resources to fund a legal action than individuals do.
  9. Companies should be careful not to mistakenly assume that if they comply with the GDPR, they have met all of their privacy and security obligations across the globe. Implementing a GDPR compliance strategy will undoubtedly help with any privacy and security program, but different jurisdictions have different laws, and requirements can vary in substantial ways. It is important to always carefully review the relevant laws and regulations and to be prepared for future developments in the privacy landscape. While the GDPR is an important privacy law, it is not the only one.
  10. DISCLAIMER: This article does not constitute legal advice and is intended for informational purposes only. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to these materials, the CGL website or any of the links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.
  11. www.cgl-llp.com
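Slide 7 names anonymization and pseudonymization without showing what separates the two in practice. The following Python example is added here by the editor; it is not code from the slides or from CGL. It assumes a small constructed customer table, treats customer_id, email and ip as the direct identifiers (in a real engagement that list comes out of the data mapping on slide 6), and uses HMAC-SHA256 with a secret kept apart from the data set as the pseudonymization function. It also shows why an unkeyed hash of an email address does not count as pseudonymization: the input can be matched from a candidate list with no secret at all.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records for illustration only; no real people or addresses.
RECORDS = [
    {"customer_id": "C-1001", "email": "Alice@example.com", "ip": "203.0.113.17", "order_total": 42.50},
    {"customer_id": "C-1002", "email": "bob@example.com", "ip": "198.51.100.9", "order_total": 17.00},
    {"customer_id": "C-1001", "email": "alice@example.com", "ip": "203.0.113.17", "order_total": 9.99},
]

# Which fields count as direct identifiers is a data-mapping decision;
# this list is an assumption made for the sample records above.
DIRECT_IDENTIFIERS = ("customer_id", "email", "ip")


def new_pseudonymization_key() -> bytes:
    """Generate the secret that turns identifiers into pseudonyms.

    This is the 'additional information' that must be held separately from
    the pseudonymized data set (for example in a secrets manager), so that the
    data set on its own cannot be attributed to a person."""
    return secrets.token_bytes(32)


def pseudonymize_value(key: bytes, value: str) -> str:
    """Keyed hash (HMAC-SHA256) of a normalized identifier.

    Deterministic, so repeat records for the same person still link together,
    but the output cannot be computed or reversed without the key."""
    normalized = value.strip().lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize_record(key: bytes, record: dict) -> dict:
    """Replace every direct identifier in a record with its pseudonym."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = pseudonymize_value(key, str(out[field]))
    return out


def anonymize_record(record: dict) -> dict:
    """Drop direct identifiers entirely. Unlike pseudonymization there is no
    key, so nothing held elsewhere can restore the link to the person."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}


def spend_per_pseudonym(key: bytes, records: list) -> dict:
    """Analytics that still works on pseudonymized data: total order value
    per (pseudonymous) customer, without the analyst ever seeing identities."""
    totals = defaultdict(float)
    for rec in records:
        totals[pseudonymize_record(key, rec)["customer_id"]] += rec["order_total"]
    return dict(totals)


def unkeyed_hash(value: str) -> str:
    """Plain SHA-256 of an identifier: the naive approach being compared."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()


def unkeyed_hash_is_guessable(hashed_value: str, candidates: list) -> bool:
    """Why a plain hash is not pseudonymization: anyone who can enumerate
    plausible inputs can recompute the hash and match it with no secret.
    The same check fails against an HMAC pseudonym because the key is missing."""
    return any(unkeyed_hash(c) == hashed_value for c in candidates)


if __name__ == "__main__":
    key = new_pseudonymization_key()
    for rec in RECORDS:
        print(pseudonymize_record(key, rec))
    print(spend_per_pseudonym(key, RECORDS))
    print(anonymize_record(RECORDS[0]))
```

The practical consequence for the slide's point: a pseudonymized data set is still personal data while the key exists, so the key's storage, access control and rotation are what make the exception arguable; an anonymized set has no key to protect but also loses the ability to link records back to a customer.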