- Criminal Judge Asks Cotchett, Pitre & McCarthy to Weigh in on PG&E's Safety Record
- Defrauded Investors May Lose Their Right to Recovery: Trump Administration Pushes for Regulatory Changes that Would Allow Companies to Avoid Securities Class Actions Through the Use of Mandatory Arbitration Agreements
- Finra Enacts Important Rule to Protect Seniors Against Fraudulent Activity
- The CPFB Remains Under Attack: Consumers Should Care About an Agency that has Recovered More than $11.9 Billion for Everyday Workers
- Supreme Court Upholds Right to Bring Securities Act Class Actions in State Court
- Cracking Down on the “Rehab Riviera”
- Protecting Our Seniors—Stating a Cause of Action for Elder Abuse is Not as Difficult as Defendants Often Claim
- “Smart” toys raise privacy and safety concerns for kids
- Is your cell phone tracking every move you make?
Strict new privacy and data protections soon take effect in European countries
The number of data breaches occurring in the United States has privacy advocates watching new privacy laws that will soon take effect in European Union (“EU”) countries.
The General Data Protection Regulation (“GDPR”) takes effect on May 25, 2018. GDPR is an EU regulation addressing how companies collect and use personal information. Among other things, it requires that data breaches be reported to officials, and in some cases customers, within 72 hours of discovering the breach.
Other provisions of the GDPR require companies to obtain informed consent to use or store a person’s data. The law also sets forth how quickly data must be removed upon a person’s request based on the person’s “right to be forgotten.”
The GDPR applies to companies regardless of whether they have significant operations in EU countries. Failure to comply will subject a company to a fine of up to 4% of its global revenue or 20 million Euros, whichever is greater.