413-781-2820

General Data Protection Regulation (GDPR) Goes Into Effect

The General Data Protection Regulation (“GDPR”) of the European Union will take effect on May 25, 2018. The GDPR will extend throughout the European Economic Area (“EEA”) and will affect any business that offers services or goods to customers in an EEA country (even if the business is not located in the EEA) or that collects, uses, stores, or discloses “Personal Data” of any person who resides in the EEA, regardless of citizenship.

The GDPR will require affected parties to implement a range of technical and organizational measures to protect individuals’ privacy rights. Those measures involve, among other things, privacy management, individual consent to data acquisition, data destruction requirements, procedures for breach response and notification, and profiling limitations. The GDPR also deals specifically with the transfer of data from the EEA to other countries. The United States is among the countries deemed by the EU to have inadequate privacy laws, and thus companies located in the U.S. will need to meet specific requirements if they are involved in the exchange of any Personal Data from an EEA country. Potential penalties for failure to comply with the GDPR are based upon a variety of factors and can be severe: up to the greater of €20 million or 4% of global annual turnover.

If you have not completed your analysis of GDPR’s impact upon your operations, we suggest that you do so immediately. If you would like further information on the new regulation or wish to discuss how it may affect your company, please contact one of the members of our GDPR working group.

Jim Duda

413-272-6284

David Parke

413-272-6257

Andrew Levchuk

413-272-6285

Sarah Willey

413-272-6228