The GDPR (General Data Protection Regulation) outlines a series of amendments to the data protection and data privacy requirements applicable to all companies with European customers, regardless of where the company’s headquarters reside.

Some of the proposed amendments include:

  • penalties of up to €100 million, or 2.5% of annual worldwide turnover, whichever is greater
  • increased territorial scope
  • tighter requirements for obtaining valid consent to the processing of personal data
  • enhanced restrictions on profiling and targeted advertising
  • new data breach reporting obligations
  • direct legal compliance obligations for “data processors”
  • extended data protection rights for individuals, including the “right to be forgotten” clause
  • processing companies—such as third-party vendors or technology service providers—are now subject to regulation and privacy compliance

All indicators point toward a 2017 deadline for sign-off. We’ll have to wait and see which amendments are officially adopted. It sure proves to be an exciting ride. No doubt, cloud providers (if they haven’t done so already) will begin planning for these changes immediately so they don’t fall farther behind the eight ball.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Merrifield Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes…

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment for the industry has enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers – offering valuable perspectives to listeners about legal technology and managing information as an asset.