GDPR

California Consumer Privacy Act of 2018 – GDPR Lite?

By Susan Kohn Ross and Aaron Wais

In a compromise to avoid a ballot measure, at the very last moment on the very last day, just before the stroke of midnight, on June 29, 2018, the California legislature passed and Governor Brown signed into law the California Consumer Privacy Act of 2018 (the “Act”), which takes effect on January 1, 2020. Many of its provisions are similar to the General Data Protection Regulations (“GDPR”), which took effect in Europe at the end of May, and required companies to institute new internal data privacy regimes. So, while those companies which prepared for the GDPR are well on their way to gaining compliance with this new law, there is still much to be done by them and especially those companies which were not impacted by the GDPR. (more…)

The GDPR is Coming – Are You Ready?

GDPR Webinar Invite l BackgroundBy Susan Kohn Ross and Aaron Wais

On May 25, 2018, important European regulations regarding data privacy and protection go into effect that will have a major impact on American companies, many of whom don’t realize they will be subject to compliance with its requirements. The General Data Protection Regulations (the “GDPR”) will have severe penalties for non-compliance (as high as €20 million or 4% of annual worldwide turnover). The GDPR will also have very broad territorial reach applying not only to European entities, but also to entities located outside of Europe (including those in the U.S.) that process the personal data of living European individuals residing in the covered countries, including if the company:

  • Offers goods or services to individuals in the covered countries (e.g., e-commerce, capital raising, fund raising, immigration);
  • Employs individuals in one or more of the countries;
  • Monitors the behavior of individuals in any of these countries; and
  • Collects, stores, or processes the personal data of affected individuals on behalf of others.

For these purposes, the European definition of personal data mirrors nicely the American definition of personally identifiable information. Given the severe penalties and broad reach, it is important that each company in the U.S. consider whether the GDPR applies to its operations and, if so, how best to comply. (more…)