The GDPR & Privacy Shield: Which Companies Should Self-Certify?

For multinational organizations, cross-border data transfers are essential to carrying out business activities. However, the transfer of personal data from the European Economic Area (the “EEA”) to recipients located outside the EEA is generally prohibited unless the receiving country provides an adequate level of data protection, as determined by the EU. […]

What is the General Data Protection Regulation (“GDPR”)?

In May 2018, the European Union transformed its legislative landscape for data protection when it introduced the General Data Protection Regulation, or GDPR as it’s widely known. The regulation harmonized existing EU data protection laws to adapt them to the modern digital age. Essentially, the GDPR puts customers in the data driver’s seat. Organizations must inform […]

Data Retention Under the GDPR

The impact of the GDPR on US companies will be significant. One of the most difficult issues to overcome will be handling data retention. Creating a data retention policy is easy; implementing it will be significantly more difficult. Article 5 sets forth the principle that personal data may be maintained for no longer than is […]

GDPR vs. HR Data: Time to Reconsider Consent as a Lawful Basis to Collect Personal Data?

In light of the GDPR’s stringent requirements for consent, HR departments will need to review the legal basis for processing employee data under employment contracts based on consent. The GDPR heightened the requirements for using consent as a legal basis, making this method risky and burdensome. The GDPR requires that consent must be: Freely given, […]

FTC Approves $5 Billion Fine Against Facebook Over Cambridge Analytica Scandal

Although the E.U. handed down significant fines earlier this week, the U.S. ended the week by issuing record-setting fines against Facebook for 5 billion dollars. The fine against Facebook represents the powerful posture taken by the United States to enforce privacy legislation in the post-GDPR era. The chart below outlines the EU’s early GDPR enforcement […]

EU-US Privacy Shield: Legal Certainty for US Companies

A new data privacy protection agreement has been tentatively reached between the U.S. and the EU. This new agreement, to be called the “EU-US Privacy Shield,” replaces the 15-year-old EU-US Safe Harbor Program that US companies have relied on to ensure legal certainty when transferring personal data from the EU to the US. The EU-US Safe […]
