
General Data Protection Regulation

by John DiGiacomo, Partner

Category: Data Breach

Ever since people started putting information on social media, entrusting it to companies, or storing it on their own protected online servers, there have been groups who attempt to hack that information and use it with ill intent. Because the United States and other nations place great weight on personal privacy, companies are made or destroyed by how they handle information security. While companies are often the victims of cyber attacks that jeopardize their customers' information, in the past those customers were sometimes left in the dark.

How are consumers protected from these attacks?

As with many consumer protection measures in the U.S., many states have implemented laws that require businesses to notify customers when their data may have been compromised. States like California and Michigan, among many others, have enacted laws requiring companies with clients in their state to notify consumers of the potential damage that was done, along with resources to help protect those consumers against potential fraud. However, there is currently no federal law that protects United States citizens in this way.

The EU’s Answer: General Data Protection Regulation

Unlike the United States, the European Union (EU) has taken it upon itself to protect the citizens of all member states via the General Data Protection Regulation (GDPR). The GDPR applies to all businesses that are based in the EU, that intend to offer services to people in the EU, or that monitor people in the EU. The GDPR applies to any company that has suffered a “personal data breach,” which is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”

Major differences in the GDPR

Similar to many U.S. state laws, the GDPR requires disclosure to consumers once an information breach has been discovered. When data processors notice a breach, they notify the data controllers, and the data controllers then notify the consumers and the government regulators. While much of the regulation is now considered standard, since it is modeled after United States laws, there are some major points worth noting.

  1. The General Data Protection Regulation goes into effect in 2018.
  2. The GDPR governs all types of identifying information, not just sensitive materials like Social Security numbers, driver’s license numbers, etc.
  3. There are stricter notification requirements: notice is required upon any evidence of a breach, not just when there is a material threat to customers.
  4. Companies that become aware of a breach are required to notify the governing agencies in the EU within 72 hours of discovery.
  5. Individual victims have the right to seek damages for the harm they suffer if the company in question has not abided by the GDPR requirements.
  6. Companies that do not abide by the GDPR may be fined up to 2% of the company’s annual revenue.

These key points highlight that the EU is not taking its citizens’ privacy lightly. Allowing major fines for GDPR infractions will hopefully spur companies not only to notify consumers when breaches occur but also to treat information security with greater responsibility. We’ve written previously about the steps companies need to take here and here.

Talk to a Data Breach Lawyer

In a time when our information and our customers are global, it is important that your company understands which laws could directly impact its business.

Revision Legal consistently works to improve its clients’ legal protection in the wake of potential information breaches. If you have concerns about your exposure, or have received notification that your company has been the victim of a security breach, contact our experienced data breach and internet attorneys. Contact us using the form on this page or call us at 855-473-8474.

Photo credit to Flickr user Leon Yaakov.

Editor’s note: This post was originally published in December 2016. It has been updated for clarity and comprehensiveness.
