Login | December 18, 2018

New cybersecurity rules for Europe

RICHARD WEINER
Technology for Lawyers

Published: January 5, 2018

Any company, including law offices, that does business with the European Union will have to conform to new EU cybersecurity rules by the deadline date of May 25, 2018.

The new rules take the place of electronic privacy rules that date from 1995. Yes, you read the right.

Bottom line—any company/ law firm that doesn’t conform to these rules can’t do business in the EU. And since Britain was a member of the EU when the new rules were passed, even with Brexit, that shrunken former empire has stated that it will also force any company doing business there to conform to those rules.

The rules are called the General Data Protection Regulation and can be found at this link: https://www.eugdpr.org. They are far too complicated to lend themselves to a complete description in a column like this, but they are of dire importance to any entity that does any business in the EU. Read this right now, if you haven’t already.

A couple of points from the GDPR:

If you or any of your clients do any business in any EU country, these rules have to be followed. The punishment for non-compliance can be severe.

The rules apply to any stored or transmitted data about any resident of the EU, whether or not the company (or firm) resides in or even does business in the EU. So, say, you’re a US company that sends emails to anyone in the EU, you have to conform to these rules or risk phenomenal penalties that can literally drive a company out of business—penalties like a fine equivalent to five percent of a company’s global revenue.

The new regs are forward-looking. They aren’t content to just punish scofflaws. They require a company to prove conformance before that company can continue to do business in the EU.

Any individual who has stored data (which is about everyone, of course) can demand that that data be erased. Have fun with conforming to that one.

And there’s a lot more.

So—read the new regs. And be prepared to double the size of your IT and compliance departments. Or kiss all EU business goodbye!


[Back]