The impact of the GDPR on US companies will be significant. One of the most difficult issues to overcome will be handling data retention. Creating a data retention policy is easy, implementing it will be significantly more difficult. Article 5 sets forth the principle that personal data may be maintained for no longer than is […]
What is the EU Network & Information Security Directive? Preventing or minimizing business risks should result in maximizing profits, but unexpected losses due to cybersecurity incidents can be costly to both businesses and affected consumers. The European Commission has finally addressed this rising issue with the new draft Directive, the Network and Information Security Directive […]
In light of the GDPR’s stringent requirements for consent, HR departments will need to review the legal basis for processing employee data under employment contracts based on consent. The GDPR heightened the requirements for using consent as a legal basis, making this method risky and burdensome. The GDPR requires that consent must be: Freely given, […]