European Personal Data Compared to U.S. Personal Identifiable Information Under the New GDPR>
JD Supra – Evan Benjamin
On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. Any violation of this regulation is subject to a fine of up to â¬20 million, or 4 percent of prior year revenue, whichever is higher. Given this new environment, data privacy has now come front and center for all eDiscovery and Information Governance practitioners.  Determining whether the GDPR applies can be analyzed by answering three questions. First, does the U.S. organization have an established presence in the EU. Second, does the U.S. organization process personal data of data subjects in the EU by offering these subjects goods or services. Third, does the organization process personal data in the EU by monitoring behavior (e.g. through websites). If any of these questions apply, then U.S. organizations are compelled to comply and are subject to enforcement by EU Data Protection Authorities (âDPAâ). U.S. organizations must understand that GDPR grants enforcement authority that allow DPAs to monitor and enforce this regulation in the respective territories, which also gives each individual European member state regulatory authority to enforce the regulation. Moreover, each member state may adopt separate data protection laws to supplement the GDPR which may force U.S. companies to separately understand these laws and its impact on the application of the GDPR.
Link: https://www.jdsupra.com/legalnews/european-personal-data-compared-to-u-s-39122/