International Data Protection Regulations

If your business has interests in foreign countries, it is important to watch international data protection and privacy regulations. Our attorneys will help you stay ahead of the curve and prepare for new rules that affect your company.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and marked a fundamental change in the legislative framework for the use and protection of personal data in European Union (EU) countries.

The GDPR applies to every organization, regardless of size, that has customers located in the EU. Importantly for U.S. businesses, even if your organization has no establishment in the EU, you likely will need to comply with the GDPR if you offer to sell goods or services to, or monitor, individuals in the EU. These individuals need not be customers or clients. Compliance with the GDPR must be a strategic priority for companies and businesses. Fines can amount to as much as the larger of 4 percent of global annual revenue or 20 million EUR.

Canada Anti-Spam Law (CASL)

Additionally, Canada is rigorously enforcing the Canada Anti-Spam Law (CASL), which, among other things, requires organizations both within and outside of Canada to obtain consent before sending commercial electronic messages to recipients in Canada. Organizations that do not comply with CASL risk serious penalties, including criminal and civil charges, personal liability for company officers and directors, and penalties up to $10 million.

Our Attorneys

Greensfelder's attorneys have experience with communications law and data privacy. The attorneys in our International Data Protection Regulations group are here to help you navigate the range of rules and regulations governing data privacy and protection in different countries.

Mary Ann Wymore | Spencer Garland | Erv Switzer | Lucie Huger | Beata Krakus