General Data Protection Regulation

by John DiGiacomo

Partner

Data Breach

Ever since people started putting information on social media, placing it in the protection of companies, or storing it on their own protected online servers, there have been groups of people who attempt to hack this information and use it with ill intentions. Because the United States and other nations place great weight on personal privacy, companies are made or destroyed around the notion of information security. While companies are often victims of cyber attacks that jeopardize their customers’ information, in the past the customers were sometimes left in the dark.

How are consumers protected from these attacks?

As with many consumer protection measures in the U.S., many states have implemented laws that require businesses to notify customers when their data may have been compromised. States like California and Michigan, among many others, have enacted laws that require companies with clients in their state to notify consumers of the potential damage that was done, along with resources to help protect the consumers against potential fraud. However, there is currently no federal law to protect United States citizens.

The EU’s Answer: General Data Protection Regulation

Unlike the United States, the European Union (EU) has taken it upon itself to protect citizens of all member states via the General Data Protection Regulation (GDPR). The GDPR applies to all businesses that are based in the EU, that intend to provide services to people in the EU, or that monitor people in the EU. The GDPR applies to any company in which there has been a “personal data breach,” which is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”

Major differences in the GDPR

Similar to many of the U.S.’s state laws, the GDPR requires disclosure to consumers after an information breach has been discovered. Once data processors notice the breach, they notify data controllers, and the data controllers then notify the consumers and the government regulators. While much of the regulation is now considered standard, since it is modeled after United States laws, there are some key points worth noting.

  1. General Data Protection Regulation goes into effect in 2018.
  2. The GDPR governs all types of identifying information, not just sensitive materials like Social Security Numbers, driver’s license numbers, etc.
  3. There are stricter requirements to notify if there is any evidence of a breach, not just if there is a material threat to customers.
  4. Companies that become aware of a breach are required to notify governing agencies in the EU within 72 hours of discovery.
  5. Individual victims have the right to seek damages that they suffer if the company in question has not abided by the GDPR requirements.
  6. Companies that do not abide by the GDPR may be fined up to 2% of the company’s annual revenue.

These key points highlight that the EU is not taking its citizens’ privacy lightly. Allowing for a major fine against companies for GDPR infractions will hopefully spur companies not only to notify consumers when breaches occur but also to take information security more seriously. We’ve written previously about steps companies need to take here and here.

Talk to a Data Breach Lawyer

In a time where all of our information and customers are global, it is important that your company understands which laws could directly impact its business.

Revision Legal consistently works to improve its clients’ legal protection in the wake of potential information breaches. If you have concerns about your exposure or have received notification that your company has been a victim of a security breach, contact our experienced data breach and internet attorneys. Contact us using the form on this page or call us at 855-473-8474.

Photo credit to Flickr user Leon Yaakov.

Editor’s note: This post was originally published in December 2016. It has been updated for clarity and comprehensiveness.

 
