In the News

It has now been more than four months since the GDPR was enacted, leaving corporations around the world grappling with the implications.  Bryan Clark recently offered some insights in Digital Journal’s “Q&A: Analyzing GDPR’s Impact So Far,” where he discussed the impact of GDPR on people and companies operating outside of Europe, similar privacy laws that may impact the U.S., how businesses can prepare for new privacy laws, and the impact on consumers. Continue Reading In the News: Media & Privacy Risk Report Editors Blaine Kimrey and Bryan Clark Discuss GDPR in <i>AdExchanger</i> and <i>Digital Journal</i>

Match stick DeskJust when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”).  The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States.  There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:

Continue Reading California and GDPR “light”: A Match Made in Plaintiffs’ Lawyers’ Heaven?

As 2017 comes to a close and companies look to planning initiatives for 2018, there is one date that should be front and center for privacy professionals: May 25, 2018. That is the date that the EU’s General Data Protection Regulation (GDPR) goes into effect, meaning that any company dealing with EU consumer data needs to have a plan in place.  The GDPR has been looming for almost two years now (since its adoption on April 27, 2016), so hopefully most companies impacted by the regulation have already begun to implement compliance mechanisms. But if not, it’s not too late.

We have written previously in this space about what the scope of the GDPR requirements. The question now is what companies covered by the GDPR should be doing as they head into 2018. Here are some critical steps to make sure you are on track to ensure GDPR compliance:

Continue Reading Getting Ready for GDPR Compliance in the New Year

The EU’s General Data Protection Regulation (679/2016/EU), the GDPR, comes into force across the EU on 25 May 2018. As it is being made by regulation the GDPR, unlike the existing Data Protection Directive (implemented into the UK by the Data Protection Act 1998), will have direct effect throughout the EU. National governments will have some limited scope to tailor certain of its provisions to their jurisdiction. However, the GDPR will significantly harmonise the current national data protection laws across the EU.

Notwithstanding Brexit, the UK government has indicated its intention to implement the GDPR in full. The UK regulator’s (the Information Commissioner’s Office) powers and ability to work seamlessly with other national EU regulators will form a negotiation point in the coming Brexit deal. Continue Reading EU General Data Protection Regulation: A Summary for Non-EU Businesses