Top Five Questions We're Being Asked Leading Up to "GDPR Friday"
May 24, 2018 – Client Alert
Friday, May 25, 2018, is arguably the biggest day in privacy law in many years. That is the day the European General Data Protection Regulation (“GDPR”) goes into effect. Many of our clients have been preparing for this date all year. In recent days, however, we have received numerous calls, especially from those without a footprint in the EU, wondering if they too need to be "GDPR compliant."
For those who are not sure if they need to be "GDPR compliant," below are the top five questions we're being asked, as well as our answers to those questions:
1. Do I have to do anything about the GDPR? Despite what many vendors are implying, not all companies are subject to the GDPR. However, if a company is selling to or targeting European customers, it has to comply even if it has no physical presence in the European Union.
2. If I have Europeans on my e-mail contact list, does that make me subject to the GDPR? Not necessarily. It depends on whether you are targeting European customers with sales of goods or services or whether you are engaging in business-to-business enterprise.
3. If I have obtained consent from European customers in the past, do I have to get consent again? In many instances, companies do not have to obtain new consent, particularly if they have provided customers with an option to unsubscribe from a mailing list. However, it may be necessary to obtain consent for certain types of data collection and processing, especially if you are collecting substantial amounts of personal data from Europeans.
4. Do I have to modify my privacy policy? If a company is subject to the GDPR, it most likely needs to modify its privacy policy to some degree. The extent of the modification depends upon the individual facts and circumstances of a particular company. In any event, it is a good idea to have a lawyer take a look at a privacy policy and terms of use for websites to see if they fulfill existing requirements under both EU and U.S. law.
5. If I have updated my privacy policy to be GDPR compliant, what should I do next? If you have updated your privacy policy, you can communicate this change by posting a notification to your website. With the GDPR, it may be a good idea to take the additional step of sending a targeted communication to your mailing list informing customers of your compliance.
If you or your clients have any of these—or other—questions about the GDPR, please have them contact Tim Toohey at [email protected] or at (310) 201-7450.
© 2018 Greenberg Glusker Fields Claman & Machtinger LLP. All rights reserved. This Client Alert contains information of a general nature that is not intended to be legal advice. Should you wish to rely on the information transmitted, please contact a legal professional first. Providing this Client Alert does not create an attorney-client relationship with the recipient. Greenberg Glusker Fields Claman & Machtinger LLP (the “Firm”) does not represent or warrant that this Client Alert contains information that is true or accurate in all respects or that is the most current or complete information on the subject matter covered. You have received this Client Alert because of our belief that you may have an existing business relationship with the Firm or have indicated a desire to receive such communications. This bulletin may constitute attorney advertising. Prior results do not guarantee a similar outcome.