The new European Union’s General Data Protection Regulation (“GDPR”) was published on 4 May 2016. It will be enforced after a two-year transition, beginning on 25 May 2018, replacing the national laws and regulations and reaching all companies that target EU consumers from outside the EU.
Under current national laws, a company without a legal establishment in an EU country is not subject to its data protection law, unless the company makes use of equipment located in the country to process the data. Thus, there is generally no jurisdiction without employees or servers on the ground.
This changes with GDPR: the Regulation applies to processing outside the EU that relates to the offering of goods or services to data subjects (individuals) in the EU or the monitoring of their behavior. Therefore, the operators of commercial websites or mobile apps throughout the world may find themselves directly subject to the Regulation, along with a wide array of worldwide service providers who support European retailers.
Our firm provides assistance with data protection issues and compliance work including for Websites, E-commerce, Intelligent Devices, Social Media, Cloud Computing and outsources IT services.
We also act as Data Protection Officers and provide in-house training on data protection related issues.