Turinas & Bird, LLC

Strategic Counsel for Cloud Based Technology Companies & Expansion

(646) 679 4313

  • Google+
  • Linkedin
  • Twitter
  • Home
  • About
    • Alice Turinas
    • Alison Bird
  • Services
  • Client Success Stories
    • Testimonials
  • Blog
  • Contact Us
  • Health Tech
  • HR Tech
  • Corporate/Transactions
  • Technology Licensing

Europe’s New Data Protection Regulation: Far Reaching and Highly Punitive (even for US Companies)

April 1, 2017 by Alison Bird Leave a Comment

Data Protection RegulationAs a US Company operating domestically, you might not be worrying too much about the European Union’s General Data Protection Regulation (the “GDPR“), scheduled to go into effect in May of 2018. However, if you are collecting EU consumer data, you would be wise to plan ahead and adapt because the financial penalties for non-compliance are very significant. The GDPR applies to any entity that processes personal data about an EU resident in connection with the offer of goods or services in the EU or the monitoring of behavior in the EU. Even if you never set foot on European soil, If your activities fit this description, this law might apply to you.

In general, the GDPR sets a high standard for consent. The goal is to offer people genuine choice and control over how their personal data is used. Specifically, the GDPR defines consent as, “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” It goes further than prior regulations in that it also requires keeping records of consent, clarity and prominence of consent requests, the right to withdraw consent, and avoiding making consent a condition of a contract. So, what exactly is required for consent to be valid under the GDPR? What exactly is “informed and unambiguous” consent? What is “clear affirmative action?” In early March, the Information Commissioner’s Office, the United Kingdom’s independent body which regulates privacy rights in the United Kingdom (the “ICO”), offered some clarity. According to the ICO, valid consent must be:

Unbundled. This means consent must be separate from other terms and conditions and may not be a precondition of signing up to a service unless necessary for that service.

Active. Pre-ticked opt-in boxes are not valid. In contrast, unticked opt-in boxes or similar active opt-in methods (for example, a binary choice given equal prominence) are sufficient. The key point here is that all consent must be opt-in consent. Failure to opt out will not be considered consent.

Granular. There must be separate consent options for different processing operations and different purposes. If purposes or activities evolve beyond what was originally specified, consents will have to be renewed.

Named. Organizations and any third parties relying on consent must be precisely named (categories will not be sufficient).

Documented. Records must be kept to demonstrate what the individual has consented to, including what they were told and how they consented.

Easy to Withdraw. People must be informed of their right to withdraw consent and it must be easy to do so.

No Imbalance in the Relationship. Consent cannot be freely given if there is an imbalance in the relationship between the individual and the controller.

Can Companies Continue to Use Previously Collected Data? For those companies wondering whether they can continue to use data obtained prior to the effective date of the GDPR, the answer might not be the one you want to hear. While there is no need to repaper consents that meet GDPR standards and are properly documented (provided that mechanisms are added to make withdrawal of consent easy), if existing consents don’t meet GDPR standards or are poorly documented, you will need to seek fresh, compliant consent for your processing or stop processing altogether.

What Are the Penalties for Non-Compliance? Companies who rely on invalid or inappropriate consent may find themselves open to substantial fines under the GDPR which states that infringements of the basic principles for processing personal data, including conditions for consent are subject to administrative fines which could be as large as 20 million Euros (approximately 21.6 million dollars), or 4% of your total revenues, whichever is higher.

For US Companies used to a little more freedom and flexibility around the collection and use of personal data, if European Data is being collected, those days may be gone. The implementation of systems that comply with GDPR will require technical and administrative changes that may be costly and may take time. However, because the penalty for non-compliance is so great, it is important that plans are made to ensure compliance before the GDPR becomes effective.

Filed Under: Data Security, Digital Tagged With: Consent, GDPR, Privacy

Our Latest Posts

  • October Executive Health Tech Roundtable
  • Cyber Insurance: Does Your Policy Cover Your Risk?
  • Europe’s New Data Protection Regulation: Far Reaching and Highly Punitive (even for US Companies)
  • Increasing M&A in 2017 Predicted, Benefitting Technology Companies such as Digital Health
  • The Hidden Cost Of Non-Prescriptive Cybersecurity Regulation: Have Regulators Begun To Catch On?

Client Testimonials

Turinas & Bird, LLC
"When I am considering hiring a lawyer, I look at whether they spend time to assess my pain factors, listening to what our needs are going to be. I want problem-solvers rather than over-analyzers, who understand my priorities as well as my issues. Other lawyers look solely at legal issues. Turinas & Bird looks at both the legal issues and practical issues, and then form a strategy. Among other things, I rely on them as an accessible sounding board. They function as our outsourced general counsel."
Bruce Groves President, Emilcott Associates, Inc.
Turinas & Bird, LLC
"When I am considering hiring a lawyer, I look at whether they spend time to assess my pain factors, listening to what our needs are going to be. I want problem-solvers rather than over-analyzers, who understand my priorities as well as my issues. Other lawyers look solely at legal issues. Turinas & Bird looks at both the legal issues and practical issues, and then form a strategy. Among other things, I rely on them as an accessible sounding board. They function as our outsourced general counsel."
Bruce Groves President, Emilcott Associates, Inc.
Turinas & Bird, LLC
"Turinas & Bird is our go-to law firm for our expansion to have a permanent presence in North America. Alice’s experiences as a lawyer in both the US and the UK, our headquarters country, have been invaluable to us. I also appreciate her genuine concern for our issues, and how she understands the challenges in providing professional services to global consumer products companies."
Fiona Blades CEO, MESH Planning
Turinas & Bird, LLC
"With Turinas & Bird, I got exactly what I wanted, from the right person, and knew my company’s interests were well-protected, on our company’s most significant international transaction. Unlike her counterparts at a large law firm, Alice gives us her full attention without needlessly running up the bill. In addition to having significant corporate and international experience, she is friendly, conscientious, quick to understand new situations, and nimble in navigating the best way through a challenging problem. Her advice is straightforward: ‘This is what we need to do to protect your company and achieve your goals.'"
Dr. Ed Guy CTO, Practice Unite
Turinas & Bird, LLC
"When we co-principals of our consulting firm needed a shareholders agreement, I chose Turinas & Bird because of Alice Turinas’ practical, problem-solving approach. From discussions I had with her before she was aware that we were looking for legal advice, it was evident that she had deep experience with joint ventures and co-ownership issues. Alice laid out our choices in a clear, jargon-free way, so we could have our agreement tailored to suit our needs and priorities. Since then she has also advised on client agreements involving intellectual property matters, and has proven once again to be pleasant, responsive and practical. I am confident that she puts our company’s interests before her own; for her, we are not just another source of billable hours."
Beth Williams Principal, Forward Focus, Inc.
Turinas & Bird, LLC
"Alison Bird was instrumental in launching our small business. Her methodical approach in establishing our legal entity and supporting documentation gave me much comfort that we had a solid yet versatile infrastructure to operate the business with the greatest efficiency. Additionally, her ability to think outside of the box helped us to structure solutions to even the most difficult of business challenges. Alison Bird offers the unique combination of great command of the law, great solution orientation, and great charm, rendering her a key advisor in our work."
Heather Ibrahim Leathers Co-founder, Digitod
Turinas & Bird, LLC
"Alice Turinas and Alison Bird are an incredible team with the ability and connections to assemble the best team of partners for their clients. With their meticulous, well-organized and caring approach, I always felt protected and in secure hands. When combined with their rich experience, knowledge and guidance, I knew that I had hired the right lawyers - people I trusted to help me safely grow my business and take it to the next level. I highly recommend Turinas & Bird."
Kimberly Eads Managing Member, Vital Development LLC
Turinas & Bird, LLC
"Alice Turinas has a wide range of technology skills and startup business experience. Thanks to that, she has offered valuable suggestions, and I know Turinas & Bird can handle our needs as we grow. Because I like an answer that addresses the ‘ins’ and ‘outs’ of an issue, Alice made sure that I had a good understanding of the available options, and not just the strict legal answer. And while other firms lack a personal touch and thoroughness, Alice is warm, outgoing and willing to go the extra mile. The results have been excellent: our issues were well understood, and the outcome has been far better than my expectation."
Ryan Gyure CEO, Cannonball Projects, Inc.
Turinas & Bird, LLC
"Alice Turinas enabled us to close the sale of our business by the end of the year, saving us from paying substantially higher taxes had we completed the sale later. This was quite a feat, since she was not only dealing with the buyer, but also obtaining consent to the sale from the national franchise of which our business was a part. There were times when we doubted whether everything could get done before year end, but somehow, with her help, it was finished before our deadline."
MaryAnn & Peter Stajk former owners of a retail battery distributor
Turinas & Bird, LLC
"During a 'crunch' period, Turinas & Bird handled negotiation of several agreements with technology providers. They sent frequent updates and recommendations with just the right amount of detail, demonstrating sophisticated experience and a results-driven attitude."
Helen Allison Group Vice President-Legal (Corporate IT), Wyndham Worldwide Corporation

Our Offices

New York Office
347 Fifth Avenue, Suite 1402
New York, NY 10016
(646) 679 4313
Development@TurinasBird.com

New Jersey office:
30B Vreeland, Suite 210
Florham Park, NJ 07932
+1 (646) 679-4313

Texas office:
2600 Lake Austin Blvd, Suite 5101
Austin, Texas 78703
+1 (646) 679-4313

©2015 Turinas & Bird LLC
Attorney Advertising. Prior results do not guarantee a similar outcome.
Privacy Policy   |   Terms of Use   |   Design Credit