European Privacy is an American Concern

Two weeks ago, I attended the annual meeting of the Michigan Bar’s Business Law Section. Section member and Dykema attorney Stephen Tupper offered an overview of the EU’s General Data Protection Regulation (GDPR), which takes effect May 28, 2018. If your company does business in, or with citizens of, an EU country, you need to take stock of this new regulation.

Under GDPR, “any information relating to an identified or identifiable natural person [who is a citizen of the EU]” is personal data subject to protection. Do you have anyone from Germany in your contacts? Any emails from Italy in your “trash” bin? If so, you probably fall subject to GDPR.

Among other things, GDPR requires:

  • Data Protection Plans to segregate, protect and remove personal data
  • Data Protection Officers qualified to understand and implement GDPR
  • Data Breach Notification within 72 hours
  • Hefty penalties (up to 4% of annual sales) for non-compliance

The full scope of GDPR exceeds the attention span of most blog readers. If you do business in Europe, you need to find the time and the expertise to get up to speed. Here is a helpful starting point. Steve Tupper can be reached at stupper@dykema.com.

More questions, or need help? Contact Wright Beamer at (248) 477-6300.