The Long Arm of the GDPR—The Who, What and Where for Non-European Companies presented at GlobalPrivacySummit 2019

by Ruby A. Zefo, Edward Mcnicholas, Corey M. Dennis, Felicity Fisher,

Summary : Programmed by the IAPP Privacy Bar Section Advisory Board. The extraterritorial applicability of the GDPR is complex and presents challenges from a public policy, corporate governance and practical perspective. Outside the EU, it applies when an organization's data processing activities relate to offering goods or services to—or monitoring the behavior of—EU data subjects in the EU. But what does that mean in practice? The precise contours remain unresolved, leaving many open questions relating to presumptions against extraterritoriality under other laws, difficulties in enforcement, and challenges in operationalizing EU law on a global basis. This interactive session will discuss these issues and provide guidance on developing global privacy programs in compliance with the GDPR and other applicable laws.What you'll take away:Discussion of key issues relating to extraterritoriality of GDPR, including international law principles, enforcement challenges, and risk evaluationUpdate on recent developments relating to extraterritoriality of data protection laws (e.g., Google’s challenge to global application of “right to be forgotten,” the recently enacted U.S. CLOUD Act, and cross-border discovery issues)Guidance and best practices on operationalizing global compliance in light of potential extraterritorial application of GDPR