GDPR Makes the EU’s Regulatory Reach Global
September 27, 2018
The European General Data Protection Regulation (GDPR) extends the reach of the EU's data privacy framework beyond its borders: it applies not only to organizations established in the EU, but also to organizations anywhere in the world that process personal data of individuals in the EU in connection with offering them goods or services or monitoring their behaviour, whether those individuals are employees, customers or other data subjects. The GDPR itself, not local law, sets the breach-notification duties: a personal data breach must be reported to the competent supervisory authority without undue delay and, where feasible, within 72 hours of the controller becoming aware of it (unless the breach is unlikely to result in a risk to individuals), and affected data subjects must be informed without undue delay where the breach is likely to result in a high risk to them. Whether the company sits in Europe, the United States or most other jurisdictions, failing these notification duties is an administrative offence. Note that the widely quoted ceiling of four percent of annual worldwide turnover or €20 million, whichever is higher, is the GDPR's upper tier for breaches of its core principles, data subject rights and transfer rules; breaches of the controller and processor obligations, including the breach-notification articles, fall in the lower tier of up to two percent of annual worldwide turnover or €10 million, whichever is higher, and supervisory authorities may also impose corrective orders and processing bans on top of fines.
In the event of a personal data breach, a company, and especially a multinational doing business in Europe or handling data of individuals based in Europe, should work through three steps: assess the risk to the affected individuals; contain the breach and mitigate the damage; and notify the supervisory authority (and, where the risk is high, the data subjects) within the required timeframe. Because the 72-hour clock starts on awareness of the breach, the risk assessment and the notification decision have to be made in parallel with containment, not after it, and the incident should be documented even where notification is ultimately judged unnecessary.
Data protection policies should be implemented so that everyone involved in processing personal data knows the rules for avoiding data breaches and the steps to take when one occurs, including whom to escalate to so that the notification deadline can be met. A slew of recent high-profile incidents has prompted lawmakers in the United States to take a much closer look at the relevant laws and at the data protection mechanisms companies have in place today. Whether this will lead to comprehensive national data privacy legislation remains to be seen.