The new European Union General Data Protection Regulation (GDPR) (Regulation 2016/679, Apr. 27, 2016) will replace the Data Protection Directive (Directive 95/46/EC) effective May 25, 2018.  The GDPR has been a long time coming, and introduces a host of new requirements for companies that use or process data in the EU, or simply use or process data about EU citizens anywhere in the world outside of the United States.  The reforms will give European consumers new rights and control over their personal information, and impose new obligations on businesses, to the extent that they collect personal information from EU citizens, regardless of where they reside, or individuals who reside in the EU, regardless of their nationality.

Given the magnitude of new requirements in the GDPR, it will be important for companies to begin the compliance process now.  A good starting point is for businesses to assess their current practices and identify gaps, and use that to map out a step by step compliance plan specific to their data collection practices that fully prepares them for the new GDPR world in 2018.

Keller and Heckman LLP attorneys have prepared a summary of the key requirements in the GDPR and a compliance checklist for businesses.  To view them on our website and/or download a copy, click here.  For more information on the GDPR or other privacy and data security matters, please contact Sheila Millar (+1 202.434.4143, millar@khlaw.com) or Tracy Marshall (+1 202.434.4234, marshall@khlaw.com).