Is your organization ready for the new EU General Data Protection Regulation?
On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?
What Are the Specific GDPR Provisions Effective May 25, 2018, and What Organizations Need to Prepare Now for Compliance?
- The GDPR provisions will apply to U.S. organizations that process and transfer EU personal data both in the ordinary course of business, and in the context of pre-trial litigation and regulatory discovery
- The penalties for GDPR violations have been dramatically increased up to 4% of global annual turnover for undertakings or 20,000,000 EUR, whichever greater
- The GDPR requires organizations to report data breaches within 72 hours
- The GDPR and the U.S. Judicial Redress Act allow EU citizens to bring direct actions against U.S. Government under the U.S. federal Data Privacy Act.
- The GDPR requires organizations to implement, by default, new privacy by design security requirements for existing and new IT systems that handle EU personal data
- The GDPR requires U.S. organizations to delete EU personal data within 45 days, upon request; and requires them to provide such personal data in a reasonably usable format
- The GDPR requires certain organizations to appoint a full-time company data protection officer to coordinate with EU Data Protection Authorities, the Department of Commerce, and the Federal Trade Commission
- The GDPR requires extensive documentation of EU personal data processing and transfer activities, including the particular basis in scope of such activities - auditable by EU Data Protection Authorities and the FTC, for compliance review and potential enforcement actions
*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.