As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield to the U.S. Department of Commerce

Welcome to Part 3 of the Baker & McKenzie GDPR Game Plan Series! On 25 May 2016, the GDPR finally entered into force. It will start to apply as of 25 May 2018 giving organisations two years to come into compliance.

With the GDPR set to become effective mid-2018, companies would be wise to assess sooner rather than later how the GDPR will affect their business models and data processing practices and start formulating a Game Plan to address the transitional steps they would need to take locally, regionally and globally to become GDPR compliant.

The end of the year saw a flurry of activity with respect to the GDPR. The biggest change in EU data protection law in two decades is imminent. The GDPR will affect the way companies collect, process, store and transfer personal data in and out of the EU.

After years of consulting, drafting and negotiating at various levels, on 15 December 2015 the final compromise text of the EU General Data Protection Regulation (“GDPR”) was agreed. What a milestone! Once the European Parliament and Council both adopt the agreed text, the GDPR will officially come into force.

The Weltimmo judgment by the Court of Justice of the European Union on 1 October 2015 has potentially far-reaching implications in practice as it addresses a question frequently faced by multinationals operating across multiple EU jurisdictions, namely which one of the various national data protection laws they must comply with.