We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.
Lexology Newsfeed
  • Blog
  • Events
  • Popular
  • About
  • Login
  • Register
  • Blog
  • Events
  • Popular
  • About
  • Login
  • Register
  • Newsfeed
  • Navigator
  • Hubs
  • Webinars
  • Store
  • Analytics
  • Insights
  • Track
  • Create
  • My Lexology
  • Newsfeed
  • Navigator
  • Hubs
  • Webinars
  • Store
  • Analytics
  • Insights
  • Track
  • Create
  • My Lexology
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Google Plus
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact customerservices@lexology.com

Register

GDPR Compliance Task Force

Womble Bond Dickinson (US) LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, USA October 30 2017

7 Months To Go

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

The Directive did not regulate US businesses unless the collection or processing occurred within the EU (e.g., if a US-based company had a data center in the EU). Now GDPR clearly has stronger extraterritorial reach than its predecessor.

Businesses collecting and using personal data should know their GDPR obligations. Violators of GDPR face steep penalties. Regulators can fine a company up to 20,000,000 euros or 4% of worldwide annual turnover, whichever is higher.

Follow our three-question flowchart to see if GDPR applies to your company.

ARE YOU REQUIRED TO DESIGNATE A DATA PROTECTION OFFICER?

Follow our three-question flowchart above to see if GDPR applies to you. If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.

Follow our five-step flowchart below to see if you need to designate a DPO:

A major change with the GDPR is that data processors now have direct legal obligations under EU privacy law. This is a significant shift from the current EU Directive which only directly obligates the data controllers. Non-compliant data processors face significant fines of up to 4% of global annual turnover or 20,000,000 euros, whichever is higher and may be directly liable to individuals for damages.

If the GDPR applies to you, review our checklist below summarizing the data processor’s obligations.

Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts.

Womble Bond Dickinson (US) LLP - Theodore Claypoole, Allen O'Rourke, Taylor Ey and Orla M. O'Hannaidh
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Google Plus
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • USA
  • IT & Data Protection
  • Womble Bond Dickinson (US) LLP

Tagged with

  • Data Protection Directive
  • GDPR

Popular articles from this firm

  1. Transfer Taxes and the Tax Act: An Overview and Three Possible Responses *
  2. Video game controller manufacturer Scuf Gaming files patent infringement claim against French competitor BURN controllers *
  3. To What Extent Can You Use Errata Sheets To Correct Testimony Under Rule 30(e)? *
  4. XXX/AXXX life insurer class action appeals likely to be consolidated *
  5. Maryland Offshore Wind Grant Programs Now Available for 2019 *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email enquiries@lexology.com.

Send to Create
Powered by Lexology

Related topic hubs

  1. GDPR
  2. European Union
  3. USA
  4. IT & Data Protection

Related European Union articles

  1. Does GDPR apply to you? *
  2. GDPR 101: 5 key changes to Europe’s data protection framework *
  3. Key steps to ensure your business is GDPR-ready *

Related international articles

  1. U.S. Companies: Are You Ready for GDPR? * - USA
  2. Does the GDPR Apply to Your US-based Company? * - USA
  3. Don’t Gamble With The GDPR * - USA

Lexology Navigator Q&A

Compare jurisdictions:Data Security & Cybercrime

  1. USA
  2. Hong Kong
  3. Singapore
  4. View more
Peter Rosenbloom
Labor & Employment Counsel
The Boeing Company
What our clients say

"The newsfeeds are extremely relevant. They address both legislative and judicial updates and offer an experienced, thoughtful analysis of directions or trends. The articles are all extremely well done and provide a practical viewpoint, not just an academic one. Most topics have at least 3-5 articles from various law firms, so there's an opportunity to read different perspectives and analyses."

Back to Top
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
  • GDPR Compliance
  • RSS feeds
  • Contact
  • Submissions
  • About
  • Login
  • Register
  • Follow on Twitter
  • Search
Globe Business Media Group

© Copyright 2006 - 2018 Globe Business Media Group