GDPR Resource Center
The EU General Data Protection Regulation (GDPR) now applies directly in all EU member states and is enforceable.
The GDPR imposes far-reaching obligations for companies in the EU that collect, use, or otherwise process personal information. While the GDPR is pan-European in scope, individual Member States will be issuing implementation guidelines and in some areas more detailed rules. We are closely monitoring all developments related to local implementation on behalf of our clients and are making them available here so that you can track them as well.
With possible penalties of up to €20 million or 4% of global annual revenue for non-compliance, companies cannot afford to turn a blind eye. Morrison & Foerster’s global Privacy + Data Security team has extensive experience advising companies across industries in all phases of GDPR preparedness. Explore our readiness center as you continue to assess your obligations and chart a roadmap to compliance. We would be delighted to speak with you if we can assist. Our team is ready and willing to help.
Webinar On-Demand
Cybersecurity Regulations State of Play: EU vs China
This on-demand webinar covers the various cybersecurity initiatives underway in the European Union, such as the Cyber Resilience Act, the NIS2 Directive, DORA, and the Cybersecurity Act, and assesses how they match up to what China’s cybersecurity laws have been developing into over the last few years.
- Client Alert
2024’s Blockbuster: The EU’s Data Act
Following the EU Commission’s first draft of the Data Act in February 2022, the European Parliament and European Council provisionally reached agreement on the Data Act’s final cut in June 2023
- Client Alert
The ICO’s Move Towards a More Harmonized Approach for Binding Corporate Rules: The UK BCR Addendum
Alex van der Wolk and Marta Hovanesian discuss the UK BCR Addendum, a development spurred on by the challenges that companies faced with their BCRs after Brexit.
- Client Alert
A(nother) Roadblock for EU-U.S. Data Transfers – How to Proceed After the Irish DPC’s Decision
While it only binds the company in question, this decision has broader ramifications, because the DPC makes a number of observations to support it that impact every company that transfers personal information from the EU to the U.S. In this article, we lay out how we got here and possible ways forward.
- Client Alert
EU: Advocate General Opines in “Deutsche Wohnen” Case and Rejects “Strict Liability” for GDPR Violations
Hanno Timner and Philip Radlanski break down the Advocate General for the European Court of Justice's statement that, in his view, Article 83 of the GDPR does not allow for “strict liability” for data protection violations.
- Resource
Local Implementation – Privacy Library
The data protection authorities of several EU member states have issued local guidance on GDPR implementation and other resources to help organizations in their preparedness efforts. Access them through MoFo’s Privacy Library.
- PDF
GDPR at a Glance
Download MoFo’s two-page reference guide for key dates, obligations, and considerations as you execute your readiness plan.
