Data Protection in 2016: An Update on Transatlantic Data Flows After Schrems and An Initial Review of the General Data Protection Regulation
On January 26, partners from WilmerHale’s Regulatory and Government Affairs Department and Cybersecurity, Privacy and Communications Practice discussed key elements of the current state of data protection regulation in the European Union, as part of the firm’s 2016 Cybersecurity, Privacy and Communications Practice webinar series. The panel provided an update on the legal framework for transatlantic transfers of personal data following the European Court of Justice's landmark decision in Schrems v. Irish Data Protection Commissioner, which invalidated the program that authorized thousands of US companies to receive and process personal information from the European Union. In their initial reaction to the decision, European data protection authorities had announced increased scrutiny and enforcement actions starting February 1, 2016.
The panel also presented an overview of the key topics in the final text of the General Data Protection Regulation (GDPR), which was agreed upon in December 2015. They also provided insights on what companies should expect during the two-year transition period as well as what will happen after the GDPR takes effect in 2018 and what companies can do to avoid disruptions in their data-processing activities.