Less than One Year until EU GDPR: Recommended Steps to Take Now

It is now less than one year before the EU General Data Protection Regulation (“GDPR”) takes effect—bringing with it increased compliance obligations, penalties (as high as 20 million euros or 4% annual worldwide turnover), and enforcement.  EU regulators have already advised organizations that there will be no grace period for compliance after May 25, 2018. …


Reason to Move Onward: The Privacy Shield’s Limited-Time-Only Grace Period

If your company plans to join the Privacy Shield, if possible, you should try to self-certify by September 30, 2016.  By doing so, you will be able to take advantage of a nine-month grace period to bring existing third-party relationships in conformance with the Accountability for Onward Transfer Principle.  Why is this nine-month grace period…


Privacy and Security Regulatory Developments Make the Case for Defensible Disposition

There is a strong business case for defensible disposition, which is the process of disposing of company information when it is no longer needed for business or legal purposes.  Key business benefits for defensible disposition include saving costs for storage; improving operational efficiency by better enabling employees to access needed information without having to wade…


Article 29 Working Party Releases Statement on Final EU-U.S. Privacy Shield

Yesterday, the Article 29 Working Party (“Working Party”) released a statement concerning the final version of the EU-U.S. Privacy Shield.  Yesterday’s statement from the Working Party is generally more favorable than its April opinion on the previous draft Privacy Shield.  Here are our key takeaways from yesterday’s press release: The Working Party Considers the Privacy…


Laura Fey Discusses the “Internet-of-Everything” and Top Privacy Tips

Laura Fey is quoted in a Super Lawyers® feature story, “Is Privacy Dead?: Navigating the Digital Age with Top Privacy and Technology Lawyers.”  In the piece, Laura shares her thoughts on what she calls the “Internet-of-Everything,” the increasing prevalence of devices that track the movements, health conditions, habits, etc. of human beings. Laura also shared…


Article 29 Working Party Provides Some Answers, But Few Assurances on Future of Transatlantic Data Transfers

The decision of the Court of Justice of the European Union (CJEU) invalidating the U.S.-EU Safe Harbor in Schrems v. Data Protection Commissioner (C-362-14) left countless companies with questions concerning how broadly that decision will be interpreted; when and how the decision will be enforced; and whether and how companies can lawfully transfer data from…