Privacy Law: GDPR / Privacy Shield / CCPA
The EU’s General Data Protection Regulation (GDPR) became effective May 25, 2018. Administrative fines under the GDPR can reach €20m or 4 percent of the global annual turnover of a company.
Privacy law is not limited to the financial services, pharma/biotech and healthcare fields. Additionally, the reach of the laws created by the European Union and California is not limited to businesses with an office located in these jurisdictions.
The Privacy Shield Framework was a mechanism for a U.S. company to comply with the GDPR when transferring personal data from the European Economic Area (EEA) to the U.S. However, on July 16, 2020, the European Court of Justice (ECJ) issued a judgment invalidating the adequacy of the Framework. Although joining the Privacy Shield is voluntary, once a U.S. company commits to participate, its commitment is enforceable under U.S. law. Despite the regime being invalidated by the ECJ, the U.S. FTC announced on July 21, 2020 that it expects companies to comply with their ongoing obligations with respect to transfers made under the Privacy Shield Framework.
These regimes place limitations on the collection of a consumer’s personal information and provide consumers certain rights with respect to their personal information. Have you determined whether your business is subject to these data protection laws?
Topics covered will include:
Applicability of Each Regime to Your Business
Data Identification and Mapping
The above program is offered via live webinar or in person. The length of the session is geared toward the particular client's needs.
This training is helpful for staff in a company’s legal, finance, compliance, risk management, sales and marketing departments.
The California Consumer Privacy Act (CCPA) kicked in on January 1, 2020. Civil penalties can range from $2,500 for a non-intentional violation to $7,500 for an intentional violation.