Rashmi,
I agree with the other comments that this is a big topic, and there is no shortage of lawyers and privacy professionals offering services to help companies comply with GDPR. I think I saw one person reference DLA Piper, which is a well-known international law firm.
However, like the new medical device and IVD rule changes in EU, the first issue is to provide scope to the question. For example, if your goal is to have an EU company ensure compliance with GDPR, then I would recommend an EU law firm or privacy consultancy, and not a US-based entity.
If you are looking for basic materials on the subject, the EU has an excellent page:
Home Page of EU GDPR
The International Assoc. of Privacy Professionals also has a good summary, here.
I'd be happy to contact friends in EU to help you find an appropriate privacy lawyer/law firm if that is what you need.
Roger
------------------------------
Roger Cepeda, JD, MBA, RAC
MedTech Law LLC
roger@medtech.law
Mobile: 847-421-8361
------------------------------
Original Message:
Sent: 18-Mar-2018 00:28
From: Rashmi Pillay
Subject: EU GDPR and Privacy laws in US
Hi,
Would really appreciate if somebody could recommend a suitable EU lawyer/consultant for complying with the GDPR.
Thanks & Regards,
Rashmi Pillay
Regulatory Affairs Associate
Ellex
3-4 Second Avenue
Mawson Lakes SA, 5095
T + 61 8 7074 8105
E rpillay@ellex.com
W ellex.com
Original Message------
My interpretation is really quite different. The key differences for companies like mine (a consultancy) will be the (i) extent of data covered (health care data yes, but it goes much further than this all the way through to the use of person-name as opposed to function-name e-mail addresses), (ii) the specific roles defined for certain individuals and assignment of responsibility for data protection, (iii) a move to opt-in with no penalty for not doing (so things like "join our mailing list to get a free whitepaper/special offer" are prohibited practices unless they are also otherwise as readily available). The most difficult issue for many companies may be understanding when data is transferred outside the EU for processing and the implication of doing this. So in summary, you only have two months, now is the time to contact a lawyer or consultant in your (or your EUAR's) domiciles EU country because there are really stiff financial penalties.
Good luck!
Neil
------------------------------
Neil Armstrong FRAPS
CEO MeddiQuest Limited
Peterborough
United Kingdom
------------------------------