White Paper: Two Years of GDPR: What We Have Learned and What You Need to Know

Marcel Duhamel, a partner in the Vorys Cleveland office, authored a white paper titled "Two Years of GDPR: What We Have Learned and What You Need to Know." The white paper provides an in-depth overview of GDPR (General Data Protection Regulation), the European Union's law on data protection and privacy that went into effect in May 2018.  It also offers some insights into what has been learned about the law over the past two years. 

The white paper, which is available here, covers a number of topics including: 

• The extraterritorial scope of GDPR - including to U.S. businesses with no physcial presence within the E.U.
• How a U.S.-based business can determine whether or not GDPR applies to them and, if it does, what compliance entails.
• The many rights of data subjects granted under the GDPR. 
• The principles in GDPR that govern the processing of personal data and the obligations on businesses to comply with these principles. 
• An overview of the potential damages and penalties.

Duhamel authored the detailed white paper to remind businesses that compliance with GDPR requires a deep and detailed understanding of the personal data an entity actually holds. He has advised clients with respect to GDPR compliance, financial privacy compliance, and privacy policies and has counseled clients through the Privacy Shield certification process. He is a member of the International Association of Privacy Professionals and a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and a Fellow of Information Privacy (FIP).