Enter to open, tab to navigate, enter to select
GDPR Resources for US Practitioners Toolkit
Practical Law Toolkit w-020-6435 (Approx. 11 pages)
GDPR Resources for US Practitioners Toolkit
by Practical Law Data Privacy & Cybersecurity
| Maintained • European Union, USA (National/Federal) |
Resources to assist counsel in advising US-based clients on the European Union (EU) General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). This Toolkit includes links to resources that address the GDPR's applicability and implementation and provides guidance on how US-based businesses can address its requirements.
The EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) became directly applicable in all EU member states on May 25, 2018. The European Economic Area (EEA) Joint Committee Decision No. 154/2018 incorporated the GDPR into the EEA Agreement on July 6, 2018, extending the GDPR's application to EEA countries.
The GDPR applies to:
- Businesses that process personal data in the context of an EU establishment's activities, regardless of whether the processing takes place in the EU.
- Non-EU businesses with no EU establishment that process personal data in connection with:
- offering goods or services to EU-based individuals (free or paid); or
- monitoring individual's behavior that takes place in the EU.
- Businesses not established in the EU that are subject to EU member state law by virtue of public international law.
(Article 3, GDPR.)
US-based clients increasingly call on counsel to determine whether the GDPR applies to their businesses and, if so, how they should comply with its provisions. This Toolkit provides resources to help address those issues.
EU member states may also establish local legislation that both aligns their prior data protection laws with the GDPR and addresses local derogations (exceptions) permitted by the GDPR. National data protection laws and GDPR derogations are outside the scope of this Toolkit.