New EU consumer data regulation launches in May

The European Union’s (EU) new General Data Protection Regulation (GDPR) is effective May 25. The GDPR was adopted two years ago to ensure greater protection of consumer data generated in the EU. Barbara Dunn, a member of NAFEM’s legal team at Barnes & Thornburg, summarized the new regulation and how it affects NAFEM members operating in the EU:

• Regulation covers all EU residents
• Fines for non-compliance are 4% of an organizations’ annual global revenue
• If you hold data from an EU resident you must have a lawful basis to hold the data (a legitimate interest or consent)
• Consent is the best way to obtain the lawful basis – it must explain how the data will be used and how it will be shared with others
• Regulation applies to individual data, not company data
• Consent can be as simple as the dialog box sample shown below:

“I understand that my personal data will be used as follows…

• By [company for XYZ]
• By our partners for [XYZ]

For more information please review our EU GDPR compliant privacy policy.”

NAFEM will conduct a webinar May 15 for members to learn more about GDPR and how to become compliant.  Register today.