Client Alert Privacy, Data Security & Information Use Consumer & Retail Technology Privacy, Data Security & Information Use Internet & Social Media May 9, 2016 Countdown to Compliance: Final Text for EU General Data Protection Regulation Published By Rafi Azim-Khan and Steven P. Farmer The final text of the significant new EU General Data Protection Regulation (GDPR) has now been published (4 May 2016) in the Official Journal of the European Union. This means the clock is now ticking for the sweeping new data laws that will apply to anyone using personal data across the 28 EU member countries, as well as potentially businesses in the United States. Given the wide-ranging changes this will bring to the existing law, the extraterritorial reach of the GDPR and the significantly increased fine levels to be introduced, companies, both in and outside the EU, are advised to act now to ensure that they are fully prepared for implementation day. The GDPR, which replaces the current Directive 95/46/EC and has taken more than four years to negotiate, applies to all commercial processing of the personal data of EU data subjects, wherever that processing takes place.

The GDPR also introduces new and reinforced rights for data subjects and significantly increases fine levels in case of privacy breaches (potentially up to 4% of global revenue). In order to bring themselves into line with the GDPR, companies both inside and outside the EU will be required to audit their processing activities, (e.g., consider what internal changes are needed, action changes to their marketing/sales activity, website, customer interaction, data sharing and transfers and so on), to ensure that compliance is in place before implementation date and ensure that they are adhering to principles of “Privacy by Design”. We are happy to assist with company privacy audits/health-checks, policy and website updates, data transfer solutions and/or general guidance on what needs to be done and in place before 25 May 2018. Pillsbury Winthrop Shaw Pittman LLP pillsburylaw.com | 1 . Client Alert Privacy, Data Security & Information Use If you have any questions about the content of this Alert, please contact the Pillsbury attorney with whom you regularly work, or the authors below. Rafi Azim-Khan (bio) London +44.20.7847.9519 rafi@pillsburylaw.com Steven P. Farmer (bio) London +44.20.7847.9526 steven.farmer@pillsburylaw.com Pillsbury Winthrop Shaw Pittman LLP is a leading international law firm with 18 offices around the world and a particular focus on the energy & natural resources, financial services, real estate & construction, and technology sectors. Recognized by Financial Times as one of the most innovative law firms, Pillsbury and its lawyers are highly regarded for their forward-thinking approach, their enthusiasm for collaborating across disciplines and their unsurpassed commercial awareness. This publication is issued periodically to keep Pillsbury Winthrop Shaw Pittman LLP clients and other interested parties informed of current legal developments that may affect or otherwise be of interest to them. The comments contained herein do not constitute legal opinion and should not be regarded as a substitute for legal advice. © 2016 Pillsbury Winthrop Shaw Pittman LLP.

All Rights Reserved. Pillsbury Winthrop Shaw Pittman LLP pillsburylaw.com | 2 . .