LITIGATION AND PRACTICE SUPPORT
63
WWW.ILTANET.ORG | ILTA WHITE PAPER
GDPR and Privacy Law Evolution in the EU
On May 25th, 2018 the EU's Global Data Protection
Regulation (GDPR) goes into full enforcement. The GDPR is a
new law that provides legal protection and redress rights to EU
persons wanting to exercise their data privacy rights no maer
where in the world their data resides. The GDPR was enacted
to protect the data privacy rights of EU persons in countries
like the United States that do not have the same stringent data
privacy laws as the EU. Any company that provides goods or
services to persons in the EU or handles their data must abide
by this regulation or face fines of up to the greater of 4% of their
company's worldwide annual gross revenue or 20 million pounds
(currently about 27.9 million U.S. dollars).
Since World War II, when personal information was used by
Nazi Germany to make life or death decisions about individuals,
the EU has regarded individual privacy as a fundamental human
right. As personal data flows across borders in our modern digital
age, the GDPR is designed to help individuals, also known as "data
subjects," exercise that fundamental right to privacy and make
decisions about the use of their data. The GDPR replaces the EU's
previous Data Protection Directive (95/46/EC) enacted in 1995. The
GDPR is more expansive than the Data Protection Directive and is
an enforceable law that applies immediately to all of the EU rather
than requiring individual member states to pass legislation.
For organizations that use data from EU data subjects, the
idea is that an individual's right to data privacy may supersede
a company's right to use this data for business or legal purposes
will cause a fundamental shi in how those organizations manage
individual data privacy rights in the future. Three significant
by Debbie Reynolds
GDPR and Privacy Law Evolution
in the EU
