
6310 Hillside Court
Suite 160
Columbia, MD 21046

P. 410-290-0707



Baltimore, MD 

P. 410-962-1199

General Data Protection Regulation

On May 25, 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) went into effect. The GDPR is a regulation passed to protect European Union (“EU”) citizens’ privacy and to protect against data breaches. GDPR applies to any organization that collects data from an EU resident or an organization that processes such data, such as a cloud service provider, which is located within the EU. It applies to all companies that process an EU resident’s personal data. This allows the GDPR to apply not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the online conduct of, any EU citizen. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

Under the GDPR, personal data is defined as any information relating to an individual which would allow the individual to be directly or indirectly identified. Personal data may include name, home address, photographs, email addresses, banking details, posts on social networking websites, medical information, or a computer’s IP address.

Under the GDPR, organizations must obtain valid consent to collect data from EU citizens. Such consent must be affirmative, informed, voluntary, unambiguous and limited to a specific purpose. The individual whose data is collected shall have the right to: i) have all personal data within an organization’s possession erased upon demand; ii) access their own personal data by request; iii) report and require correction be made to inaccurate data; and iv) receive data in machine-readable form so that the data may be ported. Any breach of data protections must be reported immediately by the organization collecting or processing the EU citizen’s data.

All organizations subject to the GDPR will need to appoint a data protection officer (“DPO”) to implement policies and procedures and to monitor compliance with the GDPR. Organizations must take proactive measures to protect data and implement “Privacy by Design” protections. This concept means that an organization must take proactive and preventive, and not reactive and remedial, measures for protection of privacy. Privacy protection must be the default of the organization, and privacy design must be embodied as part of the architecture of IT systems and the business practice of the organization.

Organizations which breach the GDPR can be fined up to 4% of the company’s annual global income or approximately $25 million, whichever is greater. The maximum fine can be imposed for more serious infringement violations, such as not having customer consent to process data or violating the Privacy by Design concept. There is a tiered approach to fines assessed against an organization depending on the character and type of breach that has occurred. The GDPR provides a right for any person who has suffered damages as a result of infringement of the regulation to file judicial action to receive compensation. If there are multiple data processing entities responsible for such violation, each organization is liable for the full damage caused by the breach.



BTLG Attorneys At Law
