LONDON, May 24, 2018
– As the European Union’s new General Data Protection Regulation (GDPR) comes into force on Friday, May 25, 2018, Baker Botts lawyers have released, “FAQ: ‘The Best Of’ GDPR Questions
,” to prepare clients for Europe’s extensive new data protection rules.
This is the latest in a series of publications and webinars that Baker Botts lawyers have produced leading up to the introduction of this new regulation.
Palo Alto based Special Counsel Cynthia J. Cole
and London based Partner Neil Coulson
published the FAQ as a follow-up to their recent webinar, “A Global Paradigm Shift? General Data Protection Regulation
Produced in collaboration with Wolters Kluwer
, Ms. Cole and Mr. Coulson, presented the webinar on April 10, 2018, on the impact GDPR will have on American companies that collect, store and analyze personal data.
“While we packed as much information as we could into the one-hour webinar, we were unable to meet the amount of questions at that time,” said Ms. Cole. “The quantity of responses received after the webinar was a telling reaction to the impending GDPR deadline.”
During Ms. Cole’s and Mr. Coulson’s webinar, they also addressed the regulation's impacts on data, cross-border transfers, consent to process, rights of data subjects, the principle of accountability under Article 5, breach obligations, and GDPR preparedness.
The webinar was a follow-on to Ms. Cole’s and Mr. Coulson’s widely-read two-part article series published in Wolters Kluwer Strategic Perspectives
outlining why GDPR will impact domestic businesses, and the practical compliance steps U.S. companies can take to ensure that they are ready for the implementation.
“Preparation for GDPR does not end on May 25, 2018, and the legal
and contractual landscape will continue to evolve well past May,” said Mr. Coulson. “GDPR compliance and implementation will shift based on individual fact patterns and events so we hope the FAQ provides more insight into the stricter compliance regulation for data privacy.”
“FAQ: ‘The Best Of’ GDPR Questions,” includes a general recap of GDPR followed by 14 in-depth responses to questions from the webinar attendees:
- What is GDPR?
- What information does it cover?
- Why is it relevant in the United States?
Questions from Webinar Attendees:
- Does GDPR have a retroactive effect?
- Are, for example, email addresses and cell phone numbers considered personal information under GDPR?
- Does GDPR apply to data from EU citizens that are located within a country (like the U.S.) collected from them while they are in the U.S., for example a British national resident in the U.S. and employed by a company in the U.S.?
- Is there a private right of action?
- If a company receives personal data of EU residents and then anonymises it, can it use the anonymised data to perform analytics without further consent?
- How do you anonymise data?
- How does pseudonymous differ from anonymous?
- What is automated processing and what are examples of it?
- What constitutes lawful processing? If you can establish a basis under contract or legitimate interest, do you still need consent, particularly with reference to a B2B situation?
- What does it mean to process more than 5,000 data subjects in a 12-month period?
- Does GDPR address the individual liability of a Data Protection Officer?
- Can you have multiple Data Protection Officers?
- What is your risk if a breach is due to a subcontractor and you cannot notify it within 72 hours of it occurring?
- What court(s) will have jurisdiction over challenges to US-based entities?
Ms. Cole has more than 17 years of experience representing global companies and private equity in complex strategic transactions; with a focus on technology and cross-border, including with leading Telecommunications, Software/SaaS and Semiconductor.
Mr. Coulson is an intellectual property lawyer, with a broad-based practice focused on dispute resolution and the exploitation of intellectual property rights, including advising on protection strategies, the full range of commercial agreements and all matters relating to data privacy.