EU Data Protection Regulation


Decisions you make when founding and/or investing in an insurtech venture can dictate your regulatory obligations, tax liability, operational structure and, ultimately, profitability.

Here are five seemingly simple questions to ask when launching an insurtech venture (and do not miss question #3): Continue Reading Five Questions for Investors in Insurtech

Since September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation. The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

Access, Correction and Erasure: How to Minimize the Burden (2/16/2017)

This webinar, the sixth and final in our EU General Data Protection Regulation Series, considers companies’ obligations to give individuals access to their data and to correct or erase it.  We explore the new data portability requirements. The webinar concludes with some suggestions on how to make these requirements less burdensome.

Transferring Data from the EU (1/12/2017)

This webinar, the fifth in our EU General Data Protection Regulation Series, explores the ways in which the Regulation creates new avenues for data transfers, and narrows others. In particular, we consider sector-specific Commission decisions, privacy seals/certifications, the exception for non-repetitive, limited transfers, and the outlook for BCRs and Model Clauses.

Data Protection Officers: Do You Need One? (12/15/2016)

This webinar, the fourth in our EU General Data Protection Regulation Series, examines the criteria that dictate whether or not your organization needs to appoint a Data Protection Officer. We discuss the role of the DPO, the significance of the “independence” requirement, and the qualifications required to hold the position.

Good-bye to the Cure-all: The New Rules on Consent (11/10/2016)

This webinar, the third in our EU General Data Protection Regulation Series, reviews the new restrictions on relying on user consent to data processing and data transfers. In addition to the general “imbalance of power” problem, we consider the implications of the Directive on unfair terms in consumer contracts and changes that may need to be made to terms of use and privacy policies when dealing with consumers.

Accountability, Data Security, Data Impact Assessments and Breach Notification Requirements (10/13/2016)

This webinar, the second in our EU General Data Protection Regulation Series, focuses on the data security and accountability requirements of the Regulation, including reviews and documentation of internal policies and procedures and data impact assessments. We also explore the breach notification requirements and actions that companies can take in advance to mitigate the need for breach notification.

One-Stop Shopping Mall? The New Regulatory Structure (9/14/2016)

This webinar, the first in our EU General Data Protection Regulation Series, explains the powers and role of the new European Data Protection Board, how a “lead supervisory authority” will be designated for each controller, and how the lead supervisory authority will interact with other interested supervisory authorities. We also look at the complaint process from the point of view of the individual who is claiming a violation, and explore the likely role that will be played by public interest organizations bringing group complaints.

The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider.  One crucial aspect you need to be thinking about now is how your organization collects and manages consents from individuals for processing their personal information.  Without a strong understanding of what valid consent means under the GDPR, before long you may find yourself holding valuable data that you are not able to process as you need to for your business.

To this end, the Information Commissioner’s Office (the “ICO”), the data protection authority for the UK, last week published a consultation draft of its GDPR consent guidance.  This is a practical resource meant to help organizations get to grips with the GDPR’s consent requirements and align their internal procedures and processing activities, as well as their customer-facing websites, marketing materials, and product infrastructure.   Although the UK ICO cannot speak for the other EU data protection authorities, they have a good track record of producing practical guidance set out in accessible language, which makes the ICO website a good first stop for US companies seeking to understand their obligations in the EU.  We encourage you to review this helpful resource and provide feedback to the ICO using their comment form by March 31.  We also offer this high-level snapshot of a few key points: Continue Reading It’s Not Too Early! ICO Guidance Regarding Consent Under GDPR

Since September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation. The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

This week’s webinar will consider companies’ obligations to give individuals access to their data and to correct or erase it.  We will also explore the new data portability requirements.  The webinar will conclude with some suggestions on how to make these requirements less burdensome. We hope you can join us!

Registration link is here.

Since September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation. The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

This week, we’ll explore the ways in which the Regulation creates new avenues for data transfers, and narrows others. In particular, we will consider sector-specific Commission decisions, privacy seals/certifications, the exception for non-repetitive, limited transfers, and the outlook for BCRs and Model Clauses. Make sure to join us for this important webinar!

Registration link is here.

It’s likely that 2017 will see still more data breaches and hacking stories, and companies should be looking closely at cybersecurity as a risk management issue, and not as an IT issue (we’ve been saying that for years ….).

One of the issues for 2017 will continue to be global changes in data protection laws, and how US companies operating in a global environment prepare for compliance with competing regulations.

To that end, we continue our ongoing series of webinars on the European Union’s General Data Protection Regulation (GDPR).

The upcoming webinar, the fifth in our GDPR Series, will explore the ways in which the Regulation creates new avenues for data transfers, and narrows others. In particular, we will consider sector-specific Commission decisions, privacy seals/certifications, the exception for non-repetitive, limited transfers, and the outlook for BCRs and Model Clauses.

Registration is online here.

 

For the past few months, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation. The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

This week, we’ll present a webinar examining the criteria that determines whether or not your organization needs to appoint a Data Protection Officer. We will discuss the role of the DPO, the significance of the “independence” requirement, and the qualifications required to hold the position. Make sure to join us for this important webinar!

Registration link is here.

 

Even president-elect Donald Trump has been the victim of a data breach. Several times actually. The payment card system for his Trump Hotel Collection was infected by malware in May 2014 and 70,000 credit card numbers were compromised by the time the hack was discovered several months later.  The hotel chain paid a penalty to the State of New York for its handling of that incident.  The hotel chain also experienced at least two additional breaches during this past year affecting various properties. From a business perspective, Mr. Trump certainly understands the high costs of cybersecurity in dollars and distraction. But from the Oval Office, it is far less clear what the Trump Administration might do to secure our country’s digital infrastructure and prosecute cybercriminals. Equally uncertain are Mr. Trump’s views on privacy rights and how his presidency might affect federal protections for personal information and cross-border transfers of data. We do not have a crystal ball, but offer some thoughts. Continue Reading The Cyber President? What To Expect From the Trump Administration On Cybersecurity And Privacy

For the next few months, the Mintz Levin Privacy Webinar Series is focusing on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation.   The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

Next week, we’ll present a webinar focusing on the data security and accountability requirements of the GDPR, including reviews and documentation of internal policies and procedures and data impact assessments.   We will also take a look at the onerous breach notification requirements and recommend actions that companies can take in advance to mitigate the need for breach notification.

Make sure to join us for this important webinar!

Registration link is here.

 

Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and more secure environment for the entire online community.  To this end, on July 6, 2016, the European Parliament adopted the Network and Information Security (“NIS”) Directive in an effort to enhance cybersecurity and incident reporting at a national level across all of its member states (“NIS Directive”). This move followed an announcement the day before from the European Commission (the “Commission”) that it had launched a public-private initiative that will steer €1.8 billion of investment into cybersecurity by 2020.  Continue Reading EU Adopts Cybersecurity Directive: What US Companies Need to Know