When Bloomberg Law examined the impact the European Union’s data
privacy law has had on Big Law over the last six months, it turned to
McGuireWoods Richmond partner
Janet Peyton for valuable insights.
Lawyers who specialize in data privacy and security have been swamped
helping clients comply with the General Data Protection Regulation, which
took effect on May 25. The GDPR greatly expanded definitions of personal
data and the “right to be forgotten,” and imposed new data breach
notification protocols. It applies worldwide to any company that does
business in the EU or with EU-based people and prescribes significant
penalties ― the greater of €20 million ($22.6 million U.S.) or 4 percent of
a company’s gross annual revenue ― on violators.
Many U.S. companies found themselves behind the curve on compliance
efforts, perhaps because of the type of data that the GDPR protects, Peyton
explained in the Nov. 26 Bloomberg Law article.
“GDPR defines personal information in a much broader way, picking up simple
contact information such as names, emails, and street addresses of
customers and even IP addresses,” said Peyton, who practices in the area of
data privacy and security. “These are not the kinds of data that U.S.
companies are used to treating with much caution.”
The article, “Big Law Hands Full as Clients Adjust to EU Data Privacy Reg,” is available online to subscribers.