When Bloomberg Law examined the impact the European Union’s data privacy law has had on Big Law over the last six months, it turned to McGuireWoods Richmond partner Janet Peyton for valuable insights.
Lawyers who specialize in data privacy and security have been swamped helping clients comply with the General Data Protection Regulation, which took effect on May 25. The GDPR greatly expanded definitions of personal data and the “right to be forgotten,” and imposed new data breach notification protocols. It applies worldwide to any company that does business in the EU or with EU-based people and prescribes significant penalties ― the greater of €20 million ($22.6 million U.S.) or 4 percent of a company’s gross annual revenue ― on violators.
Many U.S. companies found themselves behind the curve on compliance efforts, perhaps because of the type of data that the GDPR protects, Peyton explained in the Nov. 26 Bloomberg Law article.
“GDPR defines personal information in a much broader way, picking up simple contact information such as names, emails, and street addresses of customers and even IP addresses,” said Peyton, who practices in the area of data privacy and security. “These are not the kinds of data that U.S. companies are used to treating with much caution.”
The article, “Big Law Hands Full as Clients Adjust to EU Data Privacy Reg,” is available online to subscribers.