Data Transfers between U.S. and EU After New General Data Protection Regulation and Under the New EU-U.S. Privacy Shield

Recording of a 90-minute CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Thursday, March 10, 2016

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will provide guidance for companies doing business in the EU or providing goods and services to those in the EU on the exchange of information between the U.S. and EU under the new General Data Protection Regulation (GDPR). The panel will also discuss the impact of the Schrems decision, invalidating the U.S.-EU safe harbor provision. The panel will offer best practices for complying with the data protection requirements.

Description

U.S. companies face complex, cross-border data protection laws governing data exchanged between U.S. locations and those in other countries. Things are now more complicated for companies sending or receiving information from EU locations since the EU’s Dec. 2015 formal agreement on the new GDPR, which replaces the 1995 data protection directive.

The new GDPR further restricts the use of data and allows for significantly stiffer penalties, up to four percent of global gross revenue, for noncompliance. The GDPR applies broadly, including companies based outside the EU that provide goods and services in the EU.

In addition to the GDPR, in Schrems v. Data Protection Authority the EU’s Court of Justice invalidated the U.S.-EU safe harbor, which enabled companies to move personal data between the EU and U.S. Counsel to companies doing business in the EU must understand the new environment and prepare to meet the new data protection requirements. Companies should establish policies and procedures that anticipate and mitigate data protection risks in corporate and commercial transactions.

Listen as our authoritative panel examines the new EU regulation for data protection and what companies and their counsel should due in advance of the new requirements. The panel will also discuss the impact of the Schrems decision on the flow of data between the U.S. and the EU and the new safe harbor provision that is expected. The panel will offer best practices for complying with the requirements for data protection and minimizing the risk of investigation.

READ MORE

Outline

  1. New EU regulation for data protection—key changes
    1. Broader application
    2. Increased penalties
    3. Rights of data subjects
    4. Consent
    5. Breach notification
    6. Direct application to data processors
    7. Data protection authorities
    8. Cross-border data transfers
  2. What companies and their counsel should due in advance of the new requirements
  3. Impact of the Schrems decision on the flow of data between the U.S. and the EU
  4. Best practices for compliance
    1. Develop/revise privacy program
    2. Data breach response policies/procedures
    3. Review contracts with third parties that process or maintain information protected under the GDPR
    4. Appointment of data protection officer
  5. New safe harbor

Benefits

The panel will review these and other key issues:

  • What are the key changes under the new EU General Data Protection Regulation?
  • What impact will the invalidation of the safe harbor have on the exchange of data between the U.S. and EU?
  • What steps should companies and their counsel take to ensure compliance with data protection requirements?

Faculty

Bernard L. (Brian) Hengesbaugh
Bernard L. (Brian) Hengesbaugh
Partner
Baker & McKenzie

Mr. Hengesbaugh advises clients on the legal aspects of global privacy and data protection, data security, information...  |  Read More

Norma M. Krayem
Norma M. Krayem
Sr. Policy Advisor
Holland & Knight

Ms. Krayem co-chairs the firm's Data Protection and Cybersecurity Group and provides strategic advice on key...  |  Read More

Long, William
William Long
Partner
Sidley Austin

Mr. Long advises international clients on a variety of social media, data protection, privacy, information security,...  |  Read More

Edward R. McNicholas
Edward R. McNicholas
Partner
Sidley Austin

Mr. McNicholas has an expansive practice representing clients facing complex information technology, constitutional and...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video

Download