Being referred to by the European Union as the most important change in data privacy regulation in 20 years, the new EU General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. There is even a ‘countdown’ clock on the website and under the GDPR, “Personal Data” means information relating to an identified or identifiable natural person (including email addresses, telephone numbers, addresses and IP addresses). While the European Commission has determined a number of countries already meet the ‘adequate protection’ test, the United States is not one of them!
As most readers of Legal Bytes already know, personal data cannot be transferred to from the EU to a non-European Union/European Economic Area country, unless that country can ensure “adequate levels of protection” for such personal data.
As background, in July of 2016, a new framework for the movement of personal data between the EU and the US was finalized – EU-U.S. and Swiss-U.S. Privacy Shield Frameworks – which was put into place in an effort to meet the requirements of the EU Data Directive. However, critics noting the holes in that framework, have generated increasing concern as the 2018 effective date of the new EU GDPR approaches. A few months ago, immediately following the inauguration ceremony, President Trump issued United States’ Executive Order 13768 (January 25, 2017) that has created even greater concern. While it is possible a new or refined agreement and framework may be put into place in the months leading up to 2018, there is no certainty.
What do you need to know? What should you consider doing now? My colleague Jill Williamson has written an article which has been published in Risk & Compliance Magazine, entitled “The Fragile Framework of the Privacy Shield“. If you want to know more about the privacy and data protection implications of the new framework, its potential risks to your business and what you should be considering as you look to the future, feel free to contact Jill Williamson directly. Of course, you can always contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.