As the clock ticks down to May 25, 2018, when the European Union’s General Data Protection Regulation (“GDPR”) becomes fully enforceable throughout the EU, the Internet and airwaves have become saturated with guidance for companies about what to expect and how to prepare for its new protections and restrictions. However, we’ve seen little intelligence for companies and their litigation counsel in situations where electronically-stored information (“ESI”) containing “personal data” resides in the EU and is relevant to discovery requests in American civil litigation.
In many ways, the process and procedures relating to transfers of personal data to the U.S. under the GDPR are similar – and similarly burdensome – to those of the existing privacy regime. However, the GDPR does introduce new transfer options and clarifies others. It has also added record-keeping and compliance reporting requirements as well as hefty penalties for non-compliance.
Our GDPR e-discovery series will examine these new and clarified transfer options for ESI containing personal data. We begin our series with a newly added transfer option – the Hail Mary pass of transfer options – contained in a GDPR provision permitting a one-time limited transfer where necessary to further a “compelling interest” of the transferring party.