Privacy, regardless of its form, is considered a basic human right that is enshrined in many jurisdictions worldwide and is considered a cornerstone of many fundamental rights. The European Union has made the conscious decision to legislate a regulation that will encompass the entire Union, namely the General Data Protection Regulation (“GDPR”), that will ensure the protection of privacy of its citizens in a harmonized manner.
Hence, the GDPR has set the bar for the level of privacy globally, and as such the implementation of the regulatory framework has created a spillover effect on other jurisdictions, such as the California Consumer Privacy Act (“CCPA”) and other forms of privacy legislation. The main aspects that these bodies of legislation, and the regulatory framework deriving from them, is the mere concept that data subjects have the right of access and control over their personal data.
The data itself is a collection of information; it may be personal details as passport number, name and address, but under the same scope information such as medical data and banking information also falls.
Thus, once the information is misused or mispresented, complications of reputation may arise. As in this day and age reputation can be a rare commodity, it is of vast importance to maintain a solid reputation, that will not be hindered from false and negative publications online. For this, GDPR and the CCPA have consolidated as a framework the notion of right to be forgotten and accuracy of information, which led to a few recent cases as preliminary rulings at the Court of Justice of the European Union (“CJEU”).
In addition, transfer of information between Member States of the EU (as one economic union) and Association Countries, has been viewed in close scrutiny by the authorities since the implementation of the Schrems II ruling, and as such many companies and institutions in the EU and the US are subjected to increased fines by the data protection authorities in each Member State.
Our firm assists both institutions and individuals to protect their rights and obligations within the applicable regulatory framework, advice on the correct and most suitable course of action in cases of data breach, GDPR implementation for software, and activity action plans.