European Union's General Data Protection Regulation in force

Google is finally making it easier for you to manage your private data

Google is finally making it easier for you to manage your private data

As the 25 May approaches, businesses across the globe must ensure they are prepared for the change.

The categories of health data protected under the GDPR rule include genetic data, biometric data, and data concerning health.

If you have any questions about this memorandum, please contact Lisa Christensen, Sara Temes, any other member of our Cybersecurity and Data Privacy Practice Group, or the attorney in our firm with whom you are regularly in contact.

Financial Services - Financial organizations often maintain huge stockpiles of PII data on account holders. Some of the rights could have a profound impact, like the "right to erasure", which gives users the power to demand collected data be deleted from companies' systems, and a family of rights related to "automated individual decision-making" that protect users from the vagaries of algorithmic decisions.

Call center agents also need to learn new processes and tools to quickly submit the requested changes and know how to respond when they can't.

The data subject has given consent to the processing of personal data for one or more specific purposes.

Similarly, as more health and credit records move into the digital realm and the Internet backbone, such records have also ended up being hoovered up by nefarious actors - from organized crime to unscrupulous companies to repressive governments, used for blackmail, character assassination, electoral fraud or outright theft.

Have you provided consent for a specified retention period? Options for erasing user data will have to be provided, amongst other modifications.

Internal mechanisms and control systems must be put in place to ensure compliance along with evidence to prove this.


The company promises better user transparency thanks to an updated Privacy Policy that will make it easier for users to understand what kind of data is collecting.

User consent is also important.

It is unlikely, given the current shift away from regulatory control within the U.S., that there will be similar legislation in that country soon, but especially as most data-centric companies are transnational in scope, this will likely only slow the adoption of a stronger data privacy regime in America, not stop it. A 2017 YouGov survey surrounding GDPR and data security, revealed that 96 percent of those polled confessed to never reading all, if any, website terms and conditions, privacy policies and cookie consents. In general, an organization may collect and process personal medical information only if it is necessary for patient treatment and diagnosis, and with the explicit consent of the patient.

Companies globally, including Uber Technologies Inc., Yahoo, and Equifax Inc., have increasingly been hit with data breaches in the past few years.

The data protection/security section of the GDPR covers how a company that has legally obtained access to an individual's data protects that data from others.

Perhaps as a way to help companies keep up with this, the GDPR also requires data governance to supervise the use and protection of the data within each company.

In the event a medical tourism agent shares personal data with a vendor such as a hotel, the vendor must provide a Data Processing Agreement (DPA) with the supplier confirming the vendor's compliance to the GDPR and dictating the purposes for which such data is to be processed.

Individuals under Article 20 will also have the right to receive data or require that the data be transferred to another controller, known as the "right to data portability". The biggest losers will be advertisers and marketers, who will now need to rethink their business models when consumer data is no longer effectively free to them. The FTC has an active history of enforcing the previous European Union data protection law under US consumer protection rules and there is no reason to anticipate any change in that trend.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.