Ius Laboris works with corporations to ensure compliance and give a clear understanding of the rules relating to the processing of information, as they stand now and how they will be reshaped in the future. After all, data privacy is a hot topic in the technological age and raises important issues for individuals and businesses alike.
Data protection: Rules for the protection of personal data inside and outside the EU. Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The regulation is an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens.
The regulation came into force on 24 May 2016 and will apply from 25 May 2018.
Who does the data protection law apply to?
The law applies to:
a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.
If your company is a small and medium-sized enterprise (‘SME’) that processes personal data as described above you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn’t create risks for individuals, then some obligations of the GDPR will not apply to you (for example the appointment of a Data Protection Officer (‘DPO’)). Note that ‘core activities’ should include activities where the processing of data forms an inextricable part of the controller’s or processor’s activities.
International Data Privacy Law | Oxford Academic
A Q&A guide to data protection in the United States.
This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies.
To compare answers across multiple jurisdictions, visit the data protection Country Q&A tool.
This article is part of the global guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-guide.
Data Privacy Laws | Privacy Law Blog
The General Data Protection Regulation (GDPR) comes into force across the European Union (EU) on 25 May 2018. It will have an impact on EU fund managers and may have an impact on non-EU fund managers depending on their operations. Below are FAQs to help EU and non-EU fund managers determine the extent to which the …
Data Privacy Laws | Global Regulatory Compliance
With the General Data Protection Regulation (GDPR) just months away from taking effect, companies are up against a myriad of challenges to become compliant. Organizations that violate the law risk fines as high as 4% of annual revenue or €20 million, whichever is greater.
Because of its low triggering mechanism, the law will apply to most enterprise organizations, regardless of where they are located. The GDPR requires companies to have a comprehensive understanding of all the data they collect, as well as any data being collected by third parties they’ve given access to their website, and how that data is being used.
But the challenges need to be swiftly addressed to avoid hefty penalties and fines. How to get there, especially when it comes to obtaining consumer consent, is a question many seem to be saving for the last minute.