What happens to your GDPR Compliance Program in the event that the UK leaves the EU without striking an agreement with the EU. Here is a summary of actions you will likely need to take, followed by a more detailed explanation. Revise your standard contractual clauses for transfers from the EU to the UK […]
As the new sheriff in town, the GDPR casts a dark shadow over businesses processing direct marketing data. The regulation has businesses wondering if they must obtain new consents for their entire marketing database. The answer is “it depends.” This problem arises from Recital 171 of the GDPR which states: “Where processing is based […]
On May 25th, 2018, EU lawmakers unleashed the GDPR—a new privacy law capable of delivering a financial blow to businesses across the globe, not just in Europe. The data which drives email marketing programs must be processed and stored in accord with the GDPR. Recital 47 of the GDPR states: “The processing of personal data […]
Just when you thought you could catch your breath, California, on June 28, 2018, enacted the strictest data privacy law in the United States—the California Consumer Privacy Act (“CCPA”). With striking resemblances to the GDPR, the new law will carry with it broad implications for businesses providing services to, or collecting data from, California consumers. […]
The powerful nature of the GDPR has instilled fear among businesses across the globe. As most companies rush toward compliance, some try to hide behind others. Just weeks after the GDPR came into effect, the European Court of Justice (ECJ) decided a case that made clear that businesses cannot avoid liability by hiding behind other […]
In light of the GDPR’s stringent requirements for consent, HR departments will need to review the legal basis for processing employee data under employment contracts based on consent. The GDPR heightened the requirements for using consent as a legal basis, making this method risky and burdensome. The GDPR requires that consent must be: (1) freely […]