April 18, 2019

April 18, 2019

Subscribe to Latest Legal News and Analysis

April 17, 2019

Subscribe to Latest Legal News and Analysis

April 16, 2019

Subscribe to Latest Legal News and Analysis

April 15, 2019

Subscribe to Latest Legal News and Analysis


GDPR Day is here.  But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”   It’s more like the new Sarbanes-Oxley.

Over the coming days and weeks (and months) ahead, we’ll be writing about compliance challenges being faced and discussing some of the misconceptions (and outright misstatements) that are percolating around GDPR, its application, and its requirements.   We will also be closely following developments in the EU with respect to enforcement actions, member state laws following GDPR, and new guidance from the European Data Protection Board (EDPB) that just completed its first day of work today.

According to the new chair of the EDPB, Andrea Jelinek, Head of Austria’s Data Protection Authority, the Board is fully functioning, despite the fact that not all EU member states have caught up. According to the chair, the EDPB and national Data Protection Authorities have already received their first complaints regarding consent. The Board has adopted new guidelines on consent and certification.

As we’ve reminded our readers and attendees at our webinars many times, Jelinek said that there is no grace period as companies have had two years to prepare for the GDPR, but the DPAs would follow the proportionality principle when issuing fines.

The countries that have so far adopted new national laws include Germany, Austria, Slovakia, Denmark, Sweden, UK, the Netherlands, Poland, Italy, Belgium, Ireland and Croatia. France has adopted an Act but it is now under constitutional review. Jelinek said it is up to the European Commission whether to launch infringement procedures on the countries that have missed the deadline.

The GDPR is a game changer.   Welcome to the new world of data protection.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer

Cynthia is Chair of the firm’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP).  She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.

Cynthia has extensive...

Susan L. Foster, Mintz Levin Law, Information Privacy Lawyer, Start Up Attorney

Susan is qualified in England and Wales as well as California, and has experience practicing law in both the United States and the United Kingdom. She has been based in Mintz Levin’s London office since September 2007, and worked in the United Kingdom for another international law firm from 2001 to 2004.

Susan works with clients primarily on licensing, collaborations, and commercial matters in the fields of clean tech, high tech, mobile media, and life sciences. She has represented a broad range of clients, from start-up companies to international industry leaders, and has significant experience with cross-border transactions.

Within the life sciences, Susan has assisted biotech, pharmaceutical, diagnostic, and medical device companies with licenses, collaborations, spin-offs, and agreements relating to consulting services, R&D, manufacturing, and distribution. She has also advised clients on intellectual property due diligence for transactions valued up to $27 billion.

Within the high-tech and mobile media fields, Susan has advised clients on deals involving the sale and licensing of intellectual property rights; multi-tier distribution arrangements; OEM and value-added reseller arrangements; research, development, and consulting activities; and the provision and outsourcing of technology services. She has assisted mobile media and Internet services clients with service agreements and content licenses, including user-generated content and web-to-mobile deals.