The European Union has enacted a new General Data Protection Regulation (GDPR) that will take effect on May 25,
What is personal data? It is any information relating to an identified or identifiable natural person.
The GDPR applies to every situation in which any type of business (for example, online or brick and mortar retail stores, landlords, accountants, real estate and insurance brokers, publishers, consumer goods manufacturers, healthcare companies) collects personal data from a "data subject" - European citizens and residents as well as nationals of other countries who are in the borders of the EU when the personal data is processed. Personal data may be collected through a form on an app, via a corporate website, at the point of sale of a product or at a conference. For instance, if a business has a contact form on their website or at the point of sale, and individuals located in the EU are not automatically excluded (i.e., if the contact form has a space for country, and persons checking "EU" or an EU member nation are permitted to go to the next step and complete the form), then the business is subject to the GDPR.
If a business is in negotiations with EU data subjects, and the business is gathering personal data about individuals, then the GDPR applies. Basically, if there is any action that a business takes or may in the future take in connection with EU data subjects where personal data is gathered (such as a person's name, address or national identification number), the GDPR applies. The GDPR also applies if a business established outside the EU is processing personal data in the EU, collecting or processing personal data of EU data subjects, or has a temporary or permanent location in the EU.
Upholding and enforcing the privacy rights of citizens of the European Union is the critical focus of the GDPR.
These are some of the actions that businesses are taking to comply with the GDPR:
If your business collects personal data from European data subjects, then understanding the GDPR and implementing new protocols are critical to properly managing their personal data. Working with counsel who partners with European privacy experts is one way to navigate this new system.
|Goldsmith, Amy B. Partner and Co-Chair of Intellectual Property Group||Partner and Co-Chair of Intellectual Property Group||212.216.1135|