Lawyers Run The World

GDPR to Come Into Force in 2018

The EU General Data Protection Regulation becomes effective in May 2018.

It applies to those that (i) offer products/services to EU residents; (ii) monitor the behavior of EU residents; or (iii) handle the personal data of EU residents.

The cornerstone of GDPR is that personal data must be processed lawfully, fairly and in a transparent fashion.

Data collection protocols must be adequately disclosed. The GDPR imposes an opt-in regime. Consumers must also be permitted to access, change and request the deletion of their data.

Personal data collected should be for legitimate purposes and limited to what is necessary. Consistent with Federal Trade Commission guidance, data should not be kept for any longer than is necessary for such purposes.

Reasonable measures that ensure the security of personal data must be implemented, including safeguarding against unauthorized use, exploitation, destruction or damage. Personal data should be anonymized if possible; otherwise, encryption or other technical controls must be employed to protect the data.

From an accountability standpoint, data processors must be able to demonstrate compliance with the GDPR. Those that systematically collect/process personal data are required to appoint a data protection officer. Data breaches must be reported within 72 hours.

The penalties for violations of the GDPR are substantial and can yield fines of up to $23M USD, or 4% of total worldwide revenue of the preceding year – whichever is higher – for breaches of lawfulness, transparency, accuracy and purpose limitation, data minimization and storage limitations. Fines are “less” severe for breaches relating to data integrity, confidentiality and accountability.

If you are interested in learning more about the implementation of compliant privacy and data security protocols, you can contact the author via email at

You can also follow the author on LinkedIn at FTC Defense Lawyer.


ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.


Richard B. Newman

Richard B. Newman is an Internet Lawyer at Hinch Newman LLP focusing on advertising law, Internet marketing compliance, regulatory defense and digital media matters. His practice involves conducting legal compliance reviews of advertising campaigns across all media channels, regularly representing clients in high-profile investigative proceedings and enforcement actions brought by the Federal Trade Commission and state attorneys general throughout the country, advertising and marketing litigation, advising on email and telemarketing best practice protocol implementation, counseling on eCommerce guidelines and promotional marketing programs, and negotiating and drafting legal agreements.
