By Emily A. Bruemmer and Jennifer J. Yun

Nearly two years ago, on May 24, 2016, the European Union (EU) adopted a new law—the General Data Protection Regulation (GDPR or Regulation)—to replace the Data Protection Directive, which has governed data protection in the EU since 1995. While the GDPR resembles the Data Protection Directive, it has some important differences. These include new rights for data subjects, such as the right to data portability and the right to erasure (“right to be forgotten”) in certain circumstances; new data breach notification requirements, including a requirement to notify the relevant Data Protection Authority within 72 hours of discovery of the breach (unless exceptions apply); and much stricter penalties and fines for non-compliance.

The Clock is Ticking

EU Data Protection Authorities can begin enforcing the GDPR against companies beginning on May 25, 2018, with no further action required by the EU Member States to bring the GDPR into effect. For companies that have operations in the European Union or that offer goods and services to (or monitor) EU residents, the time to get into compliance with the GDPR is running short…

To read the full Jenner & Block client alert on this subject, please click here.