The Big Picture San Diego Blog


EU

May 25, 2018

Many of your inboxes have likely been bombarded this week with notifications of privacy policy updates from organizations of every kind. That’s because today is the day that a two-year transition period ends and enforcement of the European Union’s General Data Protection Regulation (GDPR) begins. This new regulation changes the ways in which companies can collect, protect, and use personal data, while bolstering consumer/user rights to their data.

Sound familiar? You might have attended World Trade Center San Diego's roundtable about Data Protection and Privacy Regulations for EU and APEC back in January.

Here’s some background:

Two years ago, the European Union adopted the GDPR, a regulation that harmonizes data protection and privacy laws for all EU individuals. We say EU individuals because the GDPR applies not just to EU citizens but also residents, workers, and even foreigners whose data is collected while on EU soil. Companies were given a two-year transition period to decide upon and execute a compliance strategy.

Some of the key issues addressed in the GDPR are:

  • Enhanced rights of data subjects
    • Digital consent
    • Right to erasure
    • Right of access/data portability
  • Responsibilities of the data controller/processor
    • Data Protection Officer (DPO) requirements
    • Handling of data breaches
  • Penalties for non-compliance

The GDPR is a complex legal framework that has been shrouded in controversy from the start. Some have argued that small businesses will be disproportionately harmed by the cost of compliance despite the initial target of the legislation being data giants, such as Facebook and Google. Not that compliance has been a breeze for those two companies either. As the EU’s judiciaries build precedent around this topic, the important thing for companies to do at this moment is to ensure that their privacy policies and marketing efforts comply with the updated regulations.

You can check out our updated (and GDPR-compliant) privacy policy here.

February 9, 2018

On January 24, WTC San Diego partnered with the U.S. Department of Commerce to host a roundtable discussion on data protection and privacy regulation.

Beginning in May 2018, virtually all U.S. exporters to Europe will need to be compliant with the new EU General Data Protection Regulation (GDPR). Regardless of the company, industry or sales market, there will be new requirements and stiff fines for companies in the case of non-compliance.

At this roundtable, Nasreen Djouini, policy advisor at the U.S. Department of Commerce, discussed important developments in the GDPR and introduced the EU-Swiss-U.S. Privacy Shield Framework – a mechanism that provides companies on both sides of the Atlantic a way to comply with data protection requirements when transferring personal data in support of transatlantic commerce.

Djouini also advised on the Cross-Border Privacy Rules (CBPR) System developed by Asia-Pacific Economic Cooperation (APEC). The CBPR is a mechanism that helps to bridge privacy regulation differences by providing a single framework for the exchange of personal information among participating economies in the APEC region.

Hosted by CBRE, the event was attended by more than 30 San Diego business executives from companies either planning to conduct, or currently conducting, business overseas.