In April 2016, the European Parliament adopted the General Data Protection Regulation (GDPR), an overhaul of the EU data privacy regime. The GDPR will apply directly in all EU member states on May 25, 2018, giving companies just over a year (and counting!) to achieve compliance. With possible penalties of up to €20 million or 4 percent of global annual turnover for non-compliance, companies cannot afford to turn a blind eye.

The GDPR imposes far-reaching obligations for companies that collect, use, or otherwise process personal information of individuals in the EU. Among other considerations:

  • GDPR will have an unprecedented reach to non-EU companies targeting or monitoring EU consumers. 
  • GDPR will have particular repercussions for digital business models, including interest-based advertising and consumer profiling.
  • GDPR will expand the obligations of service providers, changing the allocation of risk between customers and providers and requiring a review of all data processing and cloud contracts.
  • GDPR will affect not only your global data privacy compliance program, but may affect your products and services as well.

While GDPR readiness will look different for every company and depend on many factors, Morrison & Foerster’s global privacy and data security team has extensive experience advising companies across industries — including B2B and B2C organizations and service providers — in all phases of GDPR preparedness. We have compiled this one-stop-shop of GDPR resources to help you assess your obligations and aide in your preparedness efforts, and would be delighted to further discuss how we can assist with your specific needs.


Read the final text of the GDPR here.


Placemat - Just the Basics
Just the Basics

Download MoFo’s two-page reference guide for key dates, obligations, and considerations as you execute your readiness plan.


The EU General Data Protection Regulation: A Primer for International Business
A Primer for International Business

The GDPR ushered a host of changes that will impact global businesses. How will your company respond?


MoFo’s GDPR Masterclass
MoFo’s GDPR Masterclass

Attend our virtual Masterclass for an in-depth look at the GDPR and a roadmap to compliance.


WP29 Guidance
WP29 Weighs In

Visit our one-stop-shop for the Article 29 Working Party (WP29)’s recent GDPR guidance, covering Data Protection Officers, the right to “data portability,” and the identification of the lead supervisory authority.


Data Breaches and the GDPR
Data Breaches and the GDPR

Does the Dutch breach rule offer a preview of breach reporting under the GDPR?


Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2017 Morrison & Foerster LLP. All rights reserved.