It seems that GCs will have another personal data concern on their hands with the General Data Protection Regulation set to replace the Data Protection Directive in 2018.
Accessibility Links

Why US GCs need to prepare for new EU Data-Transfer regulations

Posted by: Clare Butler 10/10/16
There is no doubt that data laws and privacy are two topics of growing concern for US General Counsels, with the scale of high profile cyber-attacks, such as those recently revealed by Yahoo, increasing sharply in recent years. Now, it seems that GCs will have another personal data concern on their hands with the General Data Protection Regulation set to replace the Data Protection Directive in 2018.

The European Union's data-privacy regime is transitioning and companies, as well as their GCs, should be prepared to deal with a new set of jurisdictional requirements, as well as new data transfer requirements. The General Data Protection Regulation (GDPR) is set to replace the current Data Protection Directive (DPD) which requires EU member countries to pass legislation regulating how the personal data of EU data subjects can be collected, processed and transferred. The GDPR passes more power over to national data protection authorities and gives them more authority to enforce fines.

The GDPR heightens and expounds some of the requirements of its predecessor, particularly clarifying the levels of consent expected, and requires businesses to incorporate privacy and data-security principles into their products and offerings. It will also add new requirements and mechanisms for exporting and processing personal data from the EU.

Compliance with data laws is already a priority for US GCs, but this transition will need careful and vigilant oversight of organizational changes in light of the new legislation. GCs must determine how the GDPR applies to their organization, how their company currently sources and processes EU data and the security measures in place to protect it, then carefully review and audit how any external partners or vendors use and source data. GCs need to prepare for this significant transition well in advance of 2018, and continue to be proactive about their approach to compliance in relation to data privacy laws.
Add new comment
*
*
*