GDPR and Global Privacy
Wiley Rein routinely advises clients on their compliance obligations with federal, state, and international privacy and data protection laws – including the General Data Protection Regulation (GDPR), the European Union’s landmark privacy regulation. The GDPR gives individuals unprecedented control over their personal data by imposing strict limitations on how companies can process personal data.
The regulation can apply to any company that (i) is based in the EU, (ii) offers goods or services to an individual in the EU, or (iii) monitors an individual in the EU. Any company that collects, uses, or discloses personal data about individuals in the EU should evaluate whether it is subject to the GDPR. The definition of “personal data” under the GDPR is broad, including any information that directly or indirectly identifies a person. Credit card numbers, travel records, religious affiliations, sexual orientation, political opinions, web search results, biometric data from wearable fitness monitors, and Internet (IP) addresses are examples of information that can fall under this umbrella.
To help clients keep pace with developing privacy and data protection industry standards, Wiley Rein attorneys regularly:
- Evaluate GDPR coverage and assess risk.
- Assist in developing global privacy compliance programs.
- Draft and review privacy policies.
- Advise on internal and external privacy and data protection policies.
- Advise on issues related to the collection, use, sharing, and safeguarding of data.
- Provide documentation guidance on the collection and processing of personal data, including descriptions of technical security measures in place.
- Draft and review privacy-related terms for customer and vendor agreements.
- Develop intercompany international data transfer agreements.
- Advise on consent requirements.
- Perform data protection impact assessments.
- Help clients evaluate and manage privacy risks, including in strategic transactions such as IT outsourcing and mergers and acquisitions.
- Assist clients in responding to data breach incidents, including drafting and reviewing breach notification notices.
- Develop comprehensive customized incident response plans, training staff, conducting extensive tabletop exercises, and addressing key issues with Boards of Directors and executive management.
As the international landscape of privacy and data security evolves, Wiley Rein attorneys continue to monitor developments in privacy law worldwide and advocate policy positions in the U.S. Congress and key national and international regulatory agencies on behalf of clients.