April 19, 2024
Volume XIV, Number 110
Home
Legal Analysis. Expertly Written. Quickly Found.
Login

Trending News

EU Publishes Text of New General Data Protection Regulation
Saturday, December 19, 2015
European Union, EU, region, countries, continent, parliament, commission, committee, united nations, UN, council

Related Practices & Jurisdictions
Print Mail Download i

On December 17, 2015, following four years of sometimes acrimonious debate, the EU Parliament and Council of the European Union informally agreed on the final draft of the General Data Protection Regulation (“GDPR”). The GDPR will replace what privacy experts refer to simply as “95/48” –or the 1995 law known as EU Data Protection Directive— once officially adopted by the Parliament and Council of the EU. It will go into effect two years from passage.

Multinational companies should use the next two years to begin aligning privacy policies and practices with the principles in the new regulation. Key elements of the GDPR include:

  • One Law/One Rule: Unlike 95/46, which was enacted by EU individual member states, the GDPR applies to all EU member nations and is intended to create more consistency across the EU regarding data protection. A business that operates in more than one member state will now deal only with the Data Protection Authority (“DPA”) in the country where the business is most established. This lead DPA will handle cross border data transfers.

  • Broader Brush: The GDPR is expressly extra-territorial. It applies on its face to data controllers and processors outside the EU where their data processing activities affect EU residents. Also, the definition of “personal data” has been expanded to include information related to a data subject’s physical, physiological, genetic, mental, economic cultural or social identity.

  • Consent Rules: Consent remains a valid basis upon which to process data, though likely not in the employment context. Under the GDPR, consent must be freely given, specific, informed and constitute an unambiguous indication of the data subject’s agreement to the processing of the data subject’s personal data.

  • Data Breach Notification: The GDPR establishes a uniform data breach notification requirement applicable to all data controllers. In the event of a data breach leading to the loss, access or disclosure of personal data, controllers must notify the appropriate DPA “without undue delay,” and, where feasible, within 72 hours. Like many US data breach notification laws, GDPR contains a notice exception where the data is encrypted or where it is unlikely the data subject will be harmed.

  • Required Data Protection Officers: The GDPR requires data controllers and processors to appoint a data protection officer (“DPO”) if the business’s “core activities” consist of regular and systematic data subject monitoring or the processing of sensitive personal data (relating to, e.g., health, ethnicity, trade union membership) or data relating to criminal convictions and offenses.

  • Rules on Data Transfer: Binding Corporate Rules are recognized as the “gold standard” for data transfer. Also, data transfer out of the EU will be allowed where the European Commission has issued a decision affirming the adequacy of the level of data protection in the country where the data is being transferred. DPAs will not have to approve EU Model Contract Clauses, which remain valid under the GDPR.

  • Sanctions: GDPR gives data subjects a private right of action in EU courts. Data subjects will have a right to money damages from either controllers or processors for harm caused by processing personal data. DPAs will have enforcement authority similar to US regulators. A European Data Protection Board will issue opinions, adopt binding decisions and otherwise oversee data protection processes.

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

Pregnant Workers Fairness Act Final Regulations Released
by: Joseph J. Lynett , Katharine C. Weber
USCIS Issues Employment Authorization Procedures for Palestinians on Deferred Enforced Departure
by: Forrest G. Read IV
OSHA Proposes Expansion of Workplace Protections for Emergency Responders
by: Courtney M. Malveaux , Melanie L. Paul
Ninth Circuit Holds Warehouse Worker Qualifies as Transportation Worker Under FAA Exemption
by: Scott P. Jang
MSHA Issues Long Awaited Final Silica Rule
by: Karl F. Kumli
Labor Commissioner’s FAQ on Fast Food Minimum Wage
by: Laura A. Pierson-Scheinberg , Benjamin A. Tulis
New Study Shows Gen Z LGBTQIA+ Students, Graduates Value, Seek Out Inclusive Workplaces
by: Teresa Burke Wright
DHS Extends, Redesignates Temporary Protected Status for Ethiopia
by: Forrest G. Read IV
Privacy Versus Cyber – What is the Bigger Risk?
by: Joseph J. Lazzarotti
Top Five Labor Law Developments for March 2024
by: Jonathan J. Spitz , Richard F. Vitarelli

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins

 

Logo-white

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

Copyright ©2024 National Law Forum, LLC