The European Union’s General Data Protection Regulation became effective in May 2018. It establishes individual privacy rights and requirements for the collection, processing and storage of personal data.
In July 2018, the UK Information Commissioner’s Office issued an enforcement notice to AggregateIQ Data Services Ltd., a Canadian company that used personal data to send targeted ads. Importantly, although the personal data was collected and used prior to the GDPR effective date, there were a number of alleged violations of GDPR based upon possession of the personal data alone.
It is noteworthy that this action was initiated against a company outside of the European Union.
Contact a data privacy attorney to discuss whether the GDPR applies to your business operations, including, but not limited to, collecting information about individuals located in the European Union, offering of products or services in the European Union, sending commercial electronic messages to people in the European Union, tracking the activity of individuals in the European Union, the presence of operations in the European Union, digital properties that are arguably intended for use by individuals in the European Union, and whether specific categories of information are collected from individuals located in the European Union.
Richard B. Newman is member of the International Association of Privacy Professionals and an advertising law attorney at Hinch Newman LLP.
Informational purposes only. Not legal advice. Always seek the advice of an attorney. Previous case results do not guarantee similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.