No. 32: The 2018 Buzzword: “GDPR,” and How It practically Affects Corporations in the EU and the US

Details

Author(s):
Publish Date:
February 22, 2018
Publication Title:
TTLF Working Papers
Publisher:
Stanford Law School
Format:
Working Paper
Citation(s):
  • Nikolaos Theodorakis, The 2018 Buzzword: "GDPR," and How It practically Affects Corporations in the EU and the US, TTLF Working Papers No. 32, Stanford-Vienna Transatlantic Technology Law Forum (2018).
Related Organization(s):

Abstract

The EU General Data Protection Regulation (GDPR) was adopted in 2016, and will formally enter into force on 25 May 2018. It is the biggest change in data protection legislation that has been introduced in the past 20 years. It aims to better regulate the fields of privacy and data protection and at the same time catch up with significant technological developments that have occurred over the past decades. Corporations both in the EU and the US, given GDPR’s extraterritorial reach, are working towards compliance. Besides, administrative sanctions can reach up to reach up to 4% of their global revenue, or $24m (€20m), whichever is higher.

This paper will briefly discuss the current status quo of data protection rules in the EU and the US and will then attempt to decipher certain key elements of the GDPR. It will discuss (i) the data subjects’ rights and, in particular, the right to data portability, (ii) the concept of the Data Protection Officer (DPO), (iii) the notion of accountability, using Binding Corporate Rules (BCRs) as an example, (iv) the lead supervisory authority, and (v) specific processing challenges for employers like data processing at work.