The far-reaching General Data Protection Regulation affects roughly two-thirds of the world’s business leaders.
The GDPR (2016/679), the European Union’s new privacy rule, went into effect on 25 May 2018. This sweeping regulation applies to all organisations within the EU—as well as those outside the EU if they offer goods or services to, or monitor the behavior of, individuals residing in the EU.
This sea-change regulation significantly changes how companies may collect and use the personal data of EU residents. And penalties for violating the GDPR are steep: up to the greater of 4% of a company’s global revenue or 20 million Euros (nearly $23.5 million).
Morgan Lewis is prepared to guide global companies and institutions through the challenges they face in this new regulatory environment. We assist clients in virtually all the major industries around the globe in understanding how these important changes will affect their businesses and how to navigate the changing data privacy landscape.
Partner Tess Blair spoke with Law360 about several basic compliance steps that companies should take to comply with GDPR requirements.