Japan and the European Union announced an agreement in principle on major components of a substantial free trade deal on the eve of the recent G20 summit in Hamburg. This free trade deal rivals NAFTA in scope and impact, as it will impact 40 percent of the world’s trade. Once finalized, this free trade pact

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016 which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next twelve (12) months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part #2 of this GDPR Series is brought to you by Mills & Reeve, a United Kingdom law firm. Other blog entries in this series will be brought to you by the law firms of Graf von Westphalen (Germany), FIDAL, (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

In any major project there is an analysis phase – involving a careful examination of your organization’s current set-up and what needs to be done to deliver the project successfully. Preparing for the GDPR is no exception. Depending on the structures and practices of your organization, compliance could require a significant allocation of resources to ensure that you are ready by the implementation date: 25 May 2018.

So what can be done to get started?

Perhaps the best first step is to conduct a self-assessment audit. This will help organizations map the likely impacts of the changes in data protection law on their activities.

A few key points are worth looking at in detail:
Continue Reading General Data Protection Regulation (GDPR) Series Part #2: The Importance of Self-Assessment

The GDPR will apply as of May 25, 2018. It provides a single set of very innovative rules directly applicable in the entire European Union (EU), without the need for national implementing measures—which means that any personal data processing ongoing at this date shall be in compliance with the GDPR. This leaves one year for companies to ensure compliance with the GDPR.

The GDPR provides for a scope of application wider than processing undertaken in EU countries. Indeed, it will also apply to data controllers or subcontractors not established within the EU which are in charge of data processing with the aim to provide goods and services to EU residents or to monitor EU residents’ behavior.

A business can take several steps in order to organize compliance with provisions of the GDPR:
Continue Reading GDPR Effective Date and Geographical Scope of Application

In 2016, new privacy, cybersecurity and/or data security legislation passed or became effective in a number of countries, some adopting data security measures for the first time. Several countries adopted cybersecurity focused measures with criminal penalties, hoping to more effectively combat cyber-attacks. Other countries implemented or strengthened regulations on the collection and handling of their

Last July, the United States and the European Union agreed on a new framework to allow for the transfer of Europeans’ personal data to the United States. This new framework, known as Privacy Shield, replaced the Safe Harbor Principles which the European Court of Justice struck down over concerns about the U.S.’s government’s online data

This article co-authored with guest blogger Peter Wainman, a partner with Mills & Reeve LLP

Transfers of personal data from most European countries to the U.S. have been exposed to legal attack since October 2015, when privacy campaigner Max Schrems successfully sued the Irish authorities over data transfers made by Facebook Ireland.  The main objection

This article courtesy of guest blogger Michael Ferron, a student at Roger Williams University School of Law

The recognition by the European Union of a “Right to be Forgotten” has caused much controversy, but seemingly progress is being made. The Right, which entitles Europeans to petition data controllers to prevent harmful information about them from

Bitstamp, the third largest Bitcoin exchange in the world and located in Luxembourg, announced on April 25, 2016, that it has obtained a payment institution license from Luxembourg, which means it is the first nationally licensed Bitcoin exchange in the world.

The license was obtained through the European Union’s passport program, which gives reciprocity for

As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor to transfer data from the EU to the US. The Privacy Shield negotiations were accelerated in response to the