Strict new privacy and data protections soon take effect in European countries

The number of data breaches occurring in the United States has privacy advocates watching new privacy laws that will soon take effect in European Union (“EU”) countries.

The General Data Protection Regulation (“GDPR”) takes effect on May 25, 2018. GDPR is an EU regulation addressing how companies collect and use personal information. Among other things, it requires that data breaches be reported to officials, and in some cases customers, within 72 hours of discovering the breach.

Other provisions of the GDPR require companies to obtain informed consent to use or store a person’s data. The law also sets forth how quickly data must be removed upon a person’s request based on the person’s “right to be forgotten.”

The GDPR applies to companies regardless of whether they have significant operations in EU countries. Failure to comply will subject a company to a fine of up to 4% of its global revenue or 20 million Euros, whichever is greater.

Cotchett, Pitre & McCarthy, LLP is monitoring implementation of the GDPR. Joe Cotchett, Gwendolyn Giblin, and team are heading the investigations into data breach and privacy violations.