General Data Protection Regulation

On May 25, 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) went into effect. The GDPR is a regulation passed to protect the privacy of European Union (“EU”) citizens and to guard against data breaches. GDPR applies to any organization that collects data from an EU resident or an organization that processes such data, such as a cloud service provider, which is located within the EU. It applies to all companies that process an EU resident’s personal data. This allows the GDPR to apply not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the online conduct of, any EU citizen. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

Under the GDPR, personal data is defined as any information relating to an individual which would allow the individual to be directly or indirectly identified. Personal data may include name, home address, photographs, email addresses, banking details, posts on social networking websites, medical information, or a computer’s IP address.

Under the GDPR, organizations must obtain valid consent to collect data from EU citizens. Such consent must be affirmative, informed, voluntary, unambiguous and limited to a specific purpose. The individual whose data is collected shall have the right to: (i) have all personal data within an organization’s possession erased upon demand; (ii) access their own personal data by request; (iii) report inaccurate data and require that it be corrected; and (iv) receive data in machine-readable form so that the data may be ported. Any breach of data protections must be reported immediately by the organization collecting or processing the EU citizen’s data.

All organizations subject to the GDPR will need to appoint a data protection officer (“DPO”) to implement policies and procedures and to monitor compliance with the GDPR. Organizations must take proactive measures to protect data and implement “Privacy by Design” protections. This concept means that an organization must take proactive and preventive measures, rather than reactive and remedial ones, to protect privacy. Privacy protection must be the default of the organization, and privacy design must be embodied as part of the architecture of IT systems and the business practice of the organization.

Organizations which breach the GDPR can be fined up to 4% of the company’s annual global income or approximately $25 million, whichever is greater. The maximum fine can be imposed for more serious infringements, such as not having customer consent to process data or violating the Privacy by Design concept. There is a tiered approach to fines assessed against an organization depending on the character and type of breach that has occurred. The GDPR provides a right for any person who has suffered damages as a result of infringement of the regulation to file a judicial action to receive compensation. If there are multiple data processing entities responsible for such a violation, each organization is liable for the full damage caused by the breach.



BTLG Attorneys At Law
