- BLOG -


How the Nonprofit Landscape Will Change in 2019

January 29, 2019 at 1:48 PM - Privacy,


Nonprofit legal departments can expect changes in 2019 due to new federal and state laws passed last year. Lakshmi Sarma Ramani, a member with our Washington D.C.-based team, offers an overview of the key issues that may impact nonprofits in her latest ACC Docket article.

Continue Reading

Update on the EU-U.S. Privacy Shield's Status

October 31, 2018 at 9:18 AM - compliance,


Outside GC Member Stephan Grynwajc continues to keep a close eye on the fate of the EU-U.S. Privacy Shield data-sharing arrangement. 

Continue Reading

GDPR National Derogations: The Next Phase of EU Privacy Compliance

July 24, 2018 at 4:29 PM - EU Laws,


U.S. companies handling the personal data of EU residents should now be familiar with the requirements of the General Data Protection Regulation (GDPR), the new data protection law covering all countries in the EU, which went into effect on May 25, 2018. News about the GDPR has been plentiful, including Outside GC’s own alerts. However, compliance with EU privacy laws does not end with this regulation. There are other EU legislations covering privacy matters outside of the GDPR, such as the E-Privacy Directive 2002/58/EC of 2002 (a/k/a the “Cookies Directive”) and the “national derogations” of individual EU member state laws which impose additional responsibilities for U.S. companies that use the personal data of its residents as part of their business activities.

Continue Reading

The Likely Demise of the EU-U.S. Privacy Shield & Its Impact on U.S. Companies

July 5, 2018 at 2:58 PM - compliance,


The future of the EU-U.S. Privacy Shield data-sharing arrangement is shaky at best. On June 12, 2018, a resolution was passed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (LIBE) calling for the suspension of the Privacy Shield, unless the U.S. demonstrates full compliance with the requirements of the program by September 1, 2018. And today, following the recommendation of the LIBE, Parliament itself voted 303 to 223 (with 29 abstentions) in favor of suspension “unless the U.S. is fully compliant” by September 1st.

The European Parliament took this action in response to a number of recent data breaches affecting Privacy Shield Certified-U.S. companies, causing concern over the effectiveness of the regulatory oversight of the framework, as well as well as over the sufficiency of the Shield’s certification requirements which are designed to protect the personal data of EU residents. If suspended, certified U.S. companies will no longer be able to leverage the benefits afforded to them by the Privacy Shield, forcing them to find new compliance mechanisms by which to transfer data from the EU in order to satisfy the requirements of the GDPR.

Continue Reading

Even If You Are a U.S. Company, Don’t Ignore the GDPR

May 4, 2018 at 3:20 PM - compliance,


Complying with the EU’s New Data Privacy Law

GDPR.-Notebook-with-Notes-General-Data-Protection-Regulation-on-the-table-of-a-businessman-.-898176928_3869x2579On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force, broadening the scope of privacy obligations for companies doing business in or with Europe. The GDPR applies to all businesses that collect and use personal information of EU residents, including organizations located outside the EU.

U.S. companies, including Data Processors in the United States, may be subject to the GDPR if they offer products or services to EU residents or if they monitor the behavior of such residents even if they do not have a physical presence in the EU.

Continue Reading

What is the E.U.-U.S. Privacy Shield Framework & How Does Certification Work?

August 4, 2016 at 10:09 AM - compliance,


The E.U.-U.S. Privacy Shield Framework was formally approved July 12, 2016 when the E.U. Commission deemed the Privacy Shield Framework “adequate” to enable data transfers under E.U. law. U.S. businesses that meet the Privacy Shield requirements can self-certify online beginning August 1. U.S. businesses processing E.U. customer or employee data, or with plans to do so in the near future, should consider Privacy Shield certification.

Continue Reading
Outside GC is an innovative approach to legal services for growing and mature businesses. Companies who engage Outside GC fall into two main categories: (1) those without in-house counsel who need regular, on-going legal support but do not wish to hire a full-time in-house lawyer, and (2) those with in-house counsel who do not wish to add more full-time resources to their existing in-house staff. Contact us to speak to one of our on-demand attorneys.

Subscribe to our Blog