August 23, 2019

August 22, 2019

Subscribe to Latest Legal News and Analysis

August 21, 2019

Subscribe to Latest Legal News and Analysis

August 20, 2019

Subscribe to Latest Legal News and Analysis


GDPR Day is here.  But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”   It’s more like the new Sarbanes-Oxley.

Over the coming days and weeks (and months) ahead, we’ll be writing about compliance challenges being faced and discussing some of the misconceptions (and outright misstatements) that are percolating around GDPR, its application, and its requirements.   We will also be closely following developments in the EU with respect to enforcement actions, member state laws following GDPR, and new guidance from the European Data Protection Board (EDPB) that just completed its first day of work today.

According to the new chair of the EDPB, Andrea Jelinek, Head of Austria’s Data Protection Authority, the Board is fully functioning, despite the fact that not all EU member states have caught up. According to the chair, the EDPB and national Data Protection Authorities have already received their first complaints regarding consent. The Board has adopted new guidelines on consent and certification.

As we’ve reminded our readers and attendees at our webinars many times, Jelinek said that there is no grace period as companies have had two years to prepare for the GDPR, but the DPAs would follow the proportionality principle when issuing fines.

The countries that have so far adopted new national laws include Germany, Austria, Slovakia, Denmark, Sweden, UK, the Netherlands, Poland, Italy, Belgium, Ireland and Croatia. France has adopted an Act but it is now under constitutional review. Jelinek said it is up to the European Commission whether to launch infringement procedures on the countries that have missed the deadline.

The GDPR is a game changer.   Welcome to the new world of data protection.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

Susan L. Foster, Mintz Levin Law, Information Privacy Lawyer, Start Up Attorney

Susan is qualified in England and Wales as well as California, and has experience practicing law in both the United States and the United Kingdom. She has been based in Mintz Levin’s London office since September 2007, and worked in the United Kingdom for another international law firm from 2001 to 2004.

Susan works with clients primarily on licensing, collaborations, and commercial matters in the fields of clean tech, high tech, mobile media, and life sciences. She has represented a broad range of clients, from start-up companies to international industry leaders, and has significant experience with cross-border transactions.

Within the life sciences, Susan has assisted biotech, pharmaceutical, diagnostic, and medical device companies with licenses, collaborations, spin-offs, and agreements relating to consulting services, R&D, manufacturing, and distribution. She has also advised clients on intellectual property due diligence for transactions valued up to $27 billion.

Within the high-tech and mobile media fields, Susan has advised clients on deals involving the sale and licensing of intellectual property rights; multi-tier distribution arrangements; OEM and value-added reseller arrangements; research, development, and consulting activities; and the provision and outsourcing of technology services. She has assisted mobile media and Internet services clients with service agreements and content licenses, including user-generated content and web-to-mobile deals.