GDPR
Subscribe to GDPR's Posts

Washington State Takes the Lead in CCPA Copycat Legislation Race, Trends Emerge

Since the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, “copycat” legislation has been introduced at a dizzying pace by state legislatures across the country. Taking their cues from CCPA, at last count 16 states have borrowed language from California’s watershed law regarding consumer notices, data subject rights requests, and definitions of “personal information, “sale” of data and other key items. The likely intent is to provide equal (or, in some cases, greater) protections to the residents of their states. As a practical matter, however, none of the proposed laws is identical to CCPA (nor to each other); some look to the EU General Data Protection Regulation (GDPR), and each takes a complex approach that requires careful reading. The proposed Washington Privacy Act (SB 6281) has been touted as the most comprehensive data protection law in the United States and combines elements of CCPA and GDPR, adding specific protections for...

Continue Reading

Keeping Pace in the GDPR Race: A Global View of Progress

In preparation for GDPR compliance, organizations around the globe worked months in advance of the deadline to ensure compliance. But what happened after the date of effectiveness? McDermott set out to learn how companies fared across the United States, Europe, China and Japan. In digging deeper, we discovered valuable findings, including: Countries and regions are at different points in their GDPR compliance awareness and execution journeys. Businesses across the globe continue to face challenges in understanding and responding to EU data breaches, despite making investments in new personnel and changing business practices. In partnership with the Ponemon Institute, we released our latest study, “Keeping Pace in the GDPR Race: A Global View of GDPR Progress in the United States, Europe, China and Japan.” This report sheds new insight and provides ways to improve resiliency and mitigate risk for your company. Click here to see our key findings and download...

Continue Reading

2018 Digital Health Data Developments – Navigating Change in 2019

Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott's 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report. EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR's potential applicability to their...

Continue Reading

GDPR 6 Months After Implementation: Where are We Now?

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come. Critical provisions The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside...

Continue Reading

The GDPR’s Effects in China: Comparison with Local Rules and Considerations for Implementation

As Europe’s General Data Protection Regulation (GDPR) takes effect, companies around the world are racing to implement compliance measures. In parallel with the GDPR’s development, China’s new data protection framework has emerged over the past year and is in the final stages of implementing the remaining details. With similar and often overlapping obligations, full compliance with the GDPR and China’s data protection framework presents a significant new challenge for companies with operations in China. Does the GDPR Apply to Companies in China? The GDPR applies to the processing of personal data of people who are in the European Union, even for a controller or processor in China, where the processing of the data is related to: The offering of goods or services to the data subjects in the European Union, regardless of whether a payment is required; or The monitoring of people’s behavior in the European Union. As a result, even if a Chinese company does not...

Continue Reading

Does GDPR Regulate My Research Studies in the United States?

The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects the clinical and other scientific research activities of academic medical centers and other research organizations in the United States. This On the Subject includes frequently asked questions that discuss the extent to which United States research organizations must comply with GDPR when conducting research. Future coverage will address the impact of GDPR on other aspects of the United States health care sector. Continue reading.

Continue Reading

The General Data Protection Regulation: Key Requirements and Compliance Steps for 2018

Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some entities are not yet aware of the extent to which GDPR may be applicable to them, the GDPR expressly applies to organisations established outside the European Union that offer paid or free goods or services to EU data subjects or monitor EU data subjects’ behaviour. Within this article, we review steps for a risk based, prioritization approach to GDPR compliance and how companies can adjust their policies and practices on a pragmatic basis to help ensure compliance. Continue reading.

Continue Reading

Guide from the Italian Data Protection Authority on the Application of the GDPR: Recommendations on How to Get Started!

On April 28, 2017, the Italian Data Privacy Authority published a Guide on the application of the new General Data Protection Regulation (GDPR). The Guide does not set out implementing rules of the GDPR but rather provides a summary of “what will remain the same” and “what will change” in the main six areas covered by the GDPR: Legal basis for the processing Information to be provided to data subjects Data subjects’ rights Data controller,  data processor and persons in charge of the processing Data privacy risk assessment and accountability International transfer of data In addition, for each of the above six macro areas, the Guide provides recommendations on the measures that companies and public entities can already put in place, in order to ensure compliance with specific provisions of the GDPR, which do not need further intervention at a national level for their implementation. The Guide will be amended, updated or supplemented in light of the...

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES