GDPR Resource Centre

The far-reaching General Data Protection Regulation affects roughly two-thirds of the world’s business leaders.

The GDPR (2016/679), the European Union’s new privacy rule, went into effect on 25 May 2018. This sweeping regulation applies to all organisations within the EU—as well as those outside the EU if they offer goods or services to, or monitor the behavior of, individuals residing in the EU.

This sea-change regulation significantly changes how companies may collect and use the personal data of EU residents. And penalties for violating the GDPR are steep: up to the greater of 4% of a company’s global revenue or 20 million Euros (nearly $23.5 million).

Morgan Lewis is prepared to guide global companies and institutions through the challenges they face in this new regulatory environment. We assist clients in virtually all the major industries around the globe in understanding how these important changes will affect their businesses and how to navigate the changing data privacy landscape.

insight

AI and Privacy Are on a Collision Course

lawflash

Pending EU ePrivacy Regulation Could Bring Major Changes to Metadata Processing, Cookie Consents

lawflash

A New Dawn for Data Transfers

event

Privacy Rights at a Crossroads

Publications

EU Digital Green Certificate: Data Protection Considerations (04/27/2021)

AI and Privacy Are on a Collision Course (02/24/2021)

Pending EU ePrivacy Regulation Could Bring Major Changes to Metadata Processing, Cookie Consents (02/11/2021)

A New Dawn for Data Transfers (01/07/2021)

ICO GDPR Fines Reduced to £20m and £18.4m to Reflect British Airways and Marriott Mitigating Factors, Tech & Sourcing @ Morgan Lewis (11/06/2020)

Schrems II Could Disrupt US Courts’ Common Ground on eDiscovery and Data Transfers from Europe (08/24/2020)

No Grace Period After Invalidation of EU-US Privacy Shield in Schrems II (07/27/2020)

The End of the US-EU Privacy Shield, but Standard Contractual Clauses Remain Valid (07/17/2020)

Employers Are Not Liable for Rogue Employee Data Breaches (04/01/2020)

Coronavirus v. GDPR: Suspending Data Privacy Protection During Civil Crisis (03/09/2020)

The eData Guide to GDPR: Binding Corporate Rules and Privacy Shield (02/11/2020)

The eData Guide to GDPR: New York’s SHIELD Act Defines Records Management as a Reasonable Safeguard (01/29/2020)

European Data Transfers: ECJ Advocate General Greenlights Standard Contractual Clauses (12/20/2019)

The eData Guide to GDPR: Anonymization and Pseudonymization Under the GDPR (12/09/2019)

Businesses Already Struggle with a Panoply of New Privacy Laws. The CCPA Is Next., American Institute for Contemporary German Studies–John Hopkins University (12/04/2019)

Understanding Privacy Rights Under the GDPR (09/05/2019)

LawFlash: Record Fines Proposed for GDPR Infringement, Tech & Sourcing @ Morgan Lewis (08/05/2019)

UK ICO Flexes Its Muscles in Issuing Significant Fines for Alleged GDPR Infringement (07/17/2019)

Data Transfer in the GDPR: The Public Register Derogation (07/01/2019)

The GDPR One Year On: Key Areas for International Businesses (06/04/2019)

The eData Guide to GDPR: More US States Explore Privacy Protection Regulation (06/03/2019)

US Trade Representative – GDPR Being Considered a Trade Obstacle, MMR-Aktuell (05/30/2019)

One Year GDPR: What Comes Next? (05/22/2019)

US Trade Representative Claims GDPR Implementations Lead to Trade Barriers (April 2019)

New Report Proposes Reforms to ‘Blocking Statute’ to Protect French Companies (04/17/2019)

The eData Guide to GDPR: California Federal Court Rejects GDPR as a Means to Block Discovery (04/17/2019)

Poland’s Personal Data Protection Office Issues First GDPR Fine (04/02/2019)

The eData Guide to GDPR: What is Privacy by Design and by Default? (03/11/2019)

The New Personal Data Protection Rules in Merger & Acquisition Transactions (February 2019)

The eData Guide to GDPR: Appropriate Safeguards in the GDPR (02/14/2019)

The eData Guide to GDPR: What Is Consent? (01/24/2019)

The eData Guide to GDPR: Guidance Released on Territorial Scope of GDPR (12/20/2018)

Contract Corner: GDPR and Data Processing Addendums (Part 2 – Commercial Issues), Tech & Sourcing @ Morgan Lewis (12/18/2018)

The eData Guide to GDPR: Subject Access Requests (12/12/2018)

Contract Corner: GDPR and Data Processing Addendums (Part 1 – Precedence Clauses), Tech & Sourcing @ Morgan Lewis (12/11/2018)

France: When Personal Data Requests Divert from Their Intended Purpose, Can Employers Push Back? (12/10/2018)

GDPR: Specific Purpose (12/06/2018)

Austrian Data Protection Authority Finds No Claim for Specific Security Measures Under GDPR Article 32, Tech & Sourcing @ Morgan Lewis (11/15/2018)

The eData Guide to GDPR: When Is It Permissible to Use Data Beyond Its Original Purpose? (10/24/2018)

Data Protection: Issues of Legal Uncertainty Arising from the 2018 Act, The Financial Markets Law Committee (10/04/2018)

The eData Guide to GDPR: Transfer of Data in the GDPR: The Definition of Legitimate Interest (10/02/2018)

French Decree Provides Details on How to Appoint a Data Protection Officer (09/25/2018)

Data Transfers: Will the UK Be ‘Adequate’ After Brexit? (09/19/2018)

The eData Guide to GDPR: What is Processing and How Can It Be Done Lawfully, Fairly, and Transparently? (09/04/2018)

The eData Guide to GDPR: When Does the GDPR’s Extraterritorial Scope Apply? (08/27/2018)

The eData Guide to GDPR: Not All Businesses Are Treated the Same (08/06/2018)

The eData Guide to GDPR: GDPR Obligations for Controllers and Processors Both Inside and Outside the EU (07/23/2018)

European Court of Justice Sheds Light on Who Is a ‘Data Controller’ Under GDPR, Tech & Sourcing @ Morgan Lewis (07/17/2018)

The eData Guide to GDPR: What is Sensitive Personal Data? (07/16/2018)

The eData Guide to GDPR: What Is Personal Data Under the GDPR? (07/09/2018)

The eData Guide to GDPR: Whose Data Is Protected Under the GDPR? (06/20/2018)

The eData Guide to GDPR: What Is the GDPR? (06/15/2018)

European Data Protection Board Provides Guidance for GDPR Compliance on Consents, Tech & Sourcing @ Morgan Lewis (06/07/2018)

Germany Enacts GDPR Implementation Law (06/06/2018)

GDPR Litigation Begins on First Day (06/01/2018)

Can we rely on consent for processing personal data if we offer incentives?, Thomson Reuters Practical Law ( May 2018)

The eData Guide to the GDPR: Series Overview (May 2018)

GDPR’s New Requirements: What Investment Managers, Funds, Banks, and Broker-Dealers Need to Know (04/17/2018)

Legislature Approves Data Access Outside of the US (CLOUD Act) (March 2018)

European Data Privacy: Beware and Prepare (02/08/2018)

GDPR Spells Trouble for Two-Thirds of Global Business Leaders, Tech & Sourcing @ Morgan Lewis (02/02/2018)

Cloud Security Alliance Releases Code of Conduct for GDPR Compliance, Tech & Sourcing @ Morgan Lewis (11/29/2017)

ICO Offers Guidance for Contracts under the GDPR, Tech & Sourcing @ Morgan Lewis (09/29/2017)

The New European Data Privacy Regime (07/21/2017)

Advertisers, Data Collection, and the GDPR, Tech & Sourcing @ Morgan Lewis (06/30/2017)

French Data Protection Authority Provides Guidance on Preparing for GDPR (03/28/2017)

How the General Data Protection Regulation Will Apply to and Affect the UK (03/22/2017)

How Will Leaving the EU Affect UK Data Privacy (March 2017)

EU Proposed ePrivacy Rules to Extend to all Electronic Communications Providers, Tech & Sourcing @ Morgan Lewis (01/11/2017)

Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses (January 3, 2017 (Updated January 4, 2017))

Events & Recordings

Privacy Rights at a Crossroads: Parallel Enforcement of “Consumer Control” by Privacy Regulators and Antitrust Authorities (05/14/2020)

The GDPR One Year On: Where Next? (05/22/2019)

Fast Break: GDPR (02/21/2019)

GDPR - Why it is Relevant to Your US Organization (05/09/2018)

2018 Annual Technology, Outsourcing & Commercial Contracts Networking Roundtable (04/26/2018)

What Do Technology Businesses Need to Know About the GDPR? (05/22/2017)

In the Media

Data Breach Class Actions Still Unclear in UK, Despite Recent 'Morrisons' Victory, Legaltech News (04/13/2020)

Morgan Lewis partner Pulina Whitaker was quoted in a Legaltech News article about a recent UK Supreme Court ruling relating to a landmark data breach case. The ruling provides some clarification on corporate data breach liabilities.

Morrisons Ruling Leaves Door Open For Data Breach Suits, Law360 (04/02/2020)

Morgan Lewis partner Pulina Whitaker was quoted in a Law 360 article about a recent UK Supreme Court ruling relating to a landmark data breach case.

Privacy Is Big, Complicated and on a Shorter Clock Than You Think, Legaltech News (02/04/2020)

Morgan Lewis partner Tess Blair’s comments during Legalweek New York’s “GDPR & CCPA Are Fueling High Demand for On-Point RegTech Solutions” panel were featured in a Legaltech News article.

GDPR’s effects are felt far from Europe, International Financing Law Review (06/06/2019)

Morgan Lewis partners Pulina Whitaker and Ezra Church were interviewed for an International Financing Law Review article about the worldwide effects of the GDPR.

Companies Working Through GDPR 'Kinks,' Intellectual Property Magazine (05/24/2019)

Morgan Lewis partners Pulina Whitaker and Ezra Church comment in an Intellectual Property Magazine article about confusion that remains one year after the General Data Protection Regime (GDPR) was implemented.

As GDPR Enters Second, Year Companies Still Searching for Answers (05/24/2019)

Morgan Lewis partners Ezra Church and Pulina Whitaker were interviewed by Law360 about what questions remain for organizations one year on from the implementation of the General Data Protection Regulation (GDPR).

What to Know About Complying with GDPR (05/31/2018)

Partner Tess Blair spoke with Law360 about several basic compliance steps that companies should take to comply with GDPR requirements.