Legally Defensible Compliance
Does GDPR Apply in the US?
Yes. GDPR (European Union General Data Protection Regulation) is a comprehensive new law protecting the data privacy of EU citizens. GDPR took effect on May 25, 2018. It consists of 99 articles and will have sweeping impact on U.S. enterprises. It requires that all EU personal data be handled according to the GDPR Data Protection Principles. These includes the famous "right to be forgotten," as well as transparency, data portability, breach notification, information security, etc. If you have a public facing website that collects user data and operates in EU countries, it is not too late to get advice.
Does The California Privacy Act Apply Outside of CA?
Yes. The California Privacy Act of 2018 was unanimously adopted by the legislature and signed into law on June 28, 2018. Similar in many essentials to the GDPR Privacy Principles, as of January 1, 2020, it will require that all CA consumer personal information be handled according to privacy principles. (CCPA/CPRA) These also include the famous "right to be forgotten," as well as transparency, data portability, breach notification, information security, etc. If you have a public facing website that collects user data and operates in CA, it is time to seek advice about data mapping.
Legally Defensible Privacy & GDPR Compliance
If your organization processes the personal data of EU citizens (or soon California citizens), you need to take immediate steps to evaluate whether your organization is impacted by the GDPR or the California Privacy Act. Penalties for noncompliance are not automatic but good faith efforts could mitigate risk.
Before evaluating technology vendors, reach out to a law firm. All inquiries are completely confidential and covered by the attorney-client communications privilege. Even if you have not started mapping data, we can provide you with a top-level risk evaluation and help you get started in the right direction. We can help you document good-faith compliance efforts, draft legal opinions, or provide "comfort letters."
Together with top technology providers, we provide privileged and confidential workshops on data protection and privacy compliance. We can provide strategic assistance developing a compliance plan or compliance blueprint. Please see our whitepaper outlining a blueprint for compliance with the California Privacy Act (CCPA/CPRA).
- Bookmark this page or our contact page
- Visit our Emerging Technology Law Blog Page for Updates
- Download our new White Paper on The Top 10 Things to Know About GDPR at technology expert's website - Daymark Solutions, Inc.
- Check back for information about upcoming workshops and cross-disciplinary solutions for US companies