Morgan Lewis

GDPR Resource Centre

The far-reaching General Data Protection Regulation affects roughly two-thirds of the world’s business leaders.

The GDPR (2016/679), the European Union’s new privacy rule, went into effect on 25 May 2018. This sweeping regulation applies to all organisations within the EU—as well as those outside the EU if they offer goods or services to, or monitor the behavior of, individuals residing in the EU.

This sea-change regulation significantly changes how companies may collect and use the personal data of EU residents. And penalties for violating the GDPR are steep: up to the greater of 4% of a company’s global revenue or 20 million Euros (nearly $23.5 million).

Morgan Lewis is prepared to guide global companies and institutions through the challenges they face in this new regulatory environment. We assist clients in virtually all the major industries around the globe in understanding how these important changes will affect their businesses and how to navigate the changing data privacy landscape.

insight

The eData Guide to GDPR: Appropriate Safeguards in the GDPR

lawflash

French Decree Provides Details on How to Appoint a Data Protection Officer

lawflash

Data Transfers: Will the UK Be ‘Adequate’ After Brexit?

    Publications

    The New Personal Data Protection Rules in Merger & Acquisition Transactions  (February 2019)
    The eData Guide to GDPR: Appropriate Safeguards in the GDPR  (02/14/2019)
    The eData Guide to GDPR: What Is Consent?  (01/24/2019)
    The eData Guide to GDPR: Guidance Released on Territorial Scope of GDPR  (12/20/2018)
    Contract Corner: GDPR and Data Processing Addendums (Part 2 – Commercial Issues), Tech & Sourcing @ Morgan Lewis  (12/18/2018)
    The eData Guide to GDPR: Subject Access Requests  (12/12/2018)
    Contract Corner: GDPR and Data Processing Addendums (Part 1 – Precedence Clauses), Tech & Sourcing @ Morgan Lewis  (12/11/2018)
    France: When Personal Data Requests Divert from Their Intended Purpose, Can Employers Push Back?  (12/10/2018)
    GDPR: Specific Purpose  (12/06/2018)
    Austrian Data Protection Authority Finds No Claim for Specific Security Measures Under GDPR Article 32, Tech & Sourcing @ Morgan Lewis  (11/15/2018)
    The eData Guide to GDPR: When Is It Permissible to Use Data Beyond Its Original Purpose?  (10/24/2018)
    Data Protection: Issues of Legal Uncertainty Arising from the 2018 Act, The Financial Markets Law Committee  (10/04/2018)
    The eData Guide to GDPR: Transfer of Data in the GDPR: The Definition of Legitimate Interest  (10/02/2018)
    French Decree Provides Details on How to Appoint a Data Protection Officer  (09/25/2018)
    Data Transfers: Will the UK Be ‘Adequate’ After Brexit?  (09/19/2018)
    The eData Guide to GDPR: What is Processing and How Can It Be Done Lawfully, Fairly, and Transparently?  (09/04/2018)
    The eData Guide to GDPR: When Does the GDPR’s Extraterritorial Scope Apply?  (08/27/2018)
    The eData Guide to GDPR: Not All Businesses Are Treated the Same  (08/06/2018)
    The eData Guide to GDPR: GDPR Obligations for Controllers and Processors Both Inside and Outside the EU  (07/23/2018)
    European Court of Justice Sheds Light on Who Is a ‘Data Controller’ Under GDPR, Tech & Sourcing @ Morgan Lewis  (07/17/2018)
    The eData Guide to GDPR: What is Sensitive Personal Data?  (07/16/2018)
    The eData Guide to GDPR: What Is Personal Data Under the GDPR?  (07/09/2018)
    The eData Guide to GDPR: Whose Data Is Protected Under the GDPR?  (06/20/2018)
    The eData Guide to GDPR: What Is the GDPR?  (06/15/2018)
    European Data Protection Board Provides Guidance for GDPR Compliance on Consents, Tech & Sourcing @ Morgan Lewis  (06/07/2018)
    Germany Enacts GDPR Implementation Law  (06/06/2018)
    GDPR Litigation Begins on First Day  (06/01/2018)
    Can we rely on consent for processing personal data if we offer incentives?, Thomson Reuters Practical Law  ( May 2018)
    The eData Guide to the GDPR: Series Overview  (May 2018)
    GDPR’s New Requirements: What Investment Managers, Funds, Banks, and Broker-Dealers Need to Know  (04/17/2018)
    Legislature Approves Data Access Outside of the US (CLOUD Act)  (March 2018)
    European Data Privacy: Beware and Prepare  (02/08/2018)
    GDPR Spells Trouble for Two-Thirds of Global Business Leaders, Tech & Sourcing @ Morgan Lewis  (02/02/2018)
    Cloud Security Alliance Releases Code of Conduct for GDPR Compliance, Tech & Sourcing @ Morgan Lewis  (11/29/2017)
    ICO Offers Guidance for Contracts under the GDPR, Tech & Sourcing @ Morgan Lewis  (09/29/2017)
    The New European Data Privacy Regime  (07/21/2017)
    Advertisers, Data Collection, and the GDPR, Tech & Sourcing @ Morgan Lewis  (06/30/2017)
    French Data Protection Authority Provides Guidance on Preparing for GDPR  (03/28/2017)
    How the General Data Protection Regulation Will Apply to and Affect the UK  (03/22/2017)
    How Will Leaving the EU Affect UK Data Privacy  (March 2017)
    EU Proposed ePrivacy Rules to Extend to all Electronic Communications Providers, Tech & Sourcing @ Morgan Lewis  (01/11/2017)
    Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses  (January 3, 2017 (Updated January 4, 2017))
    SHOW MORE

    Events & Recordings

    Fast Break: GDPR  (02/21/2019)
    GDPR - Why it is Relevant to Your US Organization  (05/09/2018)
    2018 Annual Technology, Outsourcing & Commercial Contracts Networking Roundtable  (04/26/2018)
    What Do Technology Businesses Need to Know About the GDPR?  (05/22/2017)

    In the Media

    GDPR Checklist

    Consider these steps to point you in the direction of compliance and let Morgan Lewis lawyers provide more detailed analysis and advice.

    View the GDPR Checklist >>