Call 855-808-4530 or email GroupSales@alm.com to receive your discount on a new subscription.
After years of discussion, debate, lobbying and lamenting, we are now twelve months from the date the European Union’s General Data Protection Regulation (GDPR) takes effect. The GDPR replaces the EU’s Directive 95/46/EC, which has provided data protection guidance in the EU since 1995. The purported purpose for enacting the GDPR is to create regulatory consistency and certainty for companies operating in the EU with respect to their obligations to protect personal information for citizens of EU states. With a fining mechanism that allows penalties as high as 4% of global turnover (i.e., gross-revenue), any company that has yet to take a hard look at its obligations under the GDPR would be well-advised to do so before it’s too late. Moreover, the breadth of the regulation will create compliance headaches for nearly every organization, large and small.
By Gabrielle Orum Hernández
Gov. Nathan Deal opted to veto a cybersecurity bill criticized by technology groups that would have made “unauthorized computer access” a crime.
By Stacey Garrett
U.S. laws require companies to retain records for years, and sometimes forever, and violating U.S. records retention laws can result in domestic fines and penalties. How can U.S. companies comply with the GDPR’s “right to erasure” while still fulfilling their U.S. records retention obligations?
By Ishan Girdhar
Most firms have extensive cybersecurity measures in place, but emerging or unclear regulatory requirements embroil them in a never-ending cycle of evaluation, best-practices review, and implementation. Firms don’t just need to have their own systems secured; a responsible firm must also reduce the risk of breach at their third-party vendors. As cloud service providers become commonplace, so too does a firm’s responsibility to ensure their vendors are managing risk appropriately.
By Mark Sangster
Small Law Firms Face Large Regulatory Requirements
Unlike large firms with comparable resources with which to protect client non-public information, small firms can find themselves trapped between cyberattacks, like ransomware, that don’t prejudice based on the size of firm, and regulators who are indifferent to your size, when investigating a potential violation.