The General Data Protection Regulation – better referred to as GDPR – is a new data privacy and protection regime developed by the EU, which will take effect on May 25, 2018.
GDPR was designed to provide stronger protections for an individual’s personal data and imposes a number of requirements on controllers and processors of such data. While the GDPR is a European regulation, its reach will be long enough that it will also have an impact on US companies, many of which wouldn’t generally be subject to EU laws.
US companies involved in the processing of personal data of individuals living in the EU may be subject to GDPR, even if the organization has no established base in the EU. According to the GDPR, personal data is defined as “any information relating to an identified or identifiable natural person.” Processing refers to “any operation or set of operations which is performed on personal data or on sets of personal data.”
Your legal department will need to review the new rules thoroughly to determine how they may apply to your individual situation, but one major issue is consumer consent. To ensure that EU-focused data-collection processes are compliant with the new regulations, many companies will need to adjust their online marketing forms and interactions to obtain specific consumer consent.
The implementation of GDPR is going to bring about a number of changes in the way organizations collect data. It will also require organizations to stay up to date with changes and updates made – not just to the GDPR, but also to similar U.S. regulations that may be looking to follow the EU’s lead on privacy concerns. A strong market intelligence program can keep your organization up to date with these changes so your company can stay up to date and avoid surprises.
For more legal industry news, check out our weekly industry insights podcast, Legal Innovation Central.
This article was originally published on ShiftCentral, now part of LAC Group.