Publications

| Technology and Life Sciences
June 7th, 2016

Client Update – The EU Data Protection Regulation Imposes New Requirements on Non-EU Companies and May Affect Your Non-EU Business By  Timor Belan (Partner) and Assaf Harel 

Client Update – The EU Data Protection Regulation Imposes New Requirements on Non-EU Companies and May Affect Your Non-EU Business

 

If your company markets products or services in the EU or applies online tracking techniques to individuals in the EU, the new EU General Data Protection Regulation (GDPR) may affect your business.

 

The GDPR, which was adopted on April 14, 2016, replaces the current EU Data Protection Directive (Directive 95/46/EC) and seeks to address new challenges brought by rapid technological developments, by providing a strong and coherent data protection framework, backed by strong enforcement.

 

This new regulation imposes new comprehensive requirements on non-EU companies that process personal data of data subjects in the EU in connection with the offering of goods or services in the EU or monitoring behavior of data subjects in the EU. For example, an Israeli company that directly markets its products in the EU, or that applies certain online tracking techniques to individuals in the EU, may be subject to the GDPR, even if it has no physical presence in the EU.

 

Among the requirements applicable to non-EU companies, are the obligations to:

  • provide data subjects with information on the purpose of data processing, the recipients of the data and additional information necessary to ensure fair and transparent processing (such as information on profiling of data subjects). This information should be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to children;
  • report data breaches to a “supervisory authority” (generally, within 72 hours after becoming aware of the breach), and in some cases to the data subjects themselves;
  • comply with demands of individuals to erase their personal data without undue delay (in concert with the concept of the “right to be forgotten”); and
  • in some cases, to appoint a representative in the EU.

Violation of certain provisions of the GDPR may lead to a fine of up to €20 million or 4% of the total worldwide turnover (whichever is higher).

 

Companies are provided a two-year transition period as the GDPR will become applicable from May 25, 2018. It will be applicable in all EU Member States, with no need for national legislation.

 

As mentioned above, the GDPR may be applicable to companies irrespective of whether they are physically present in the EU. Accordingly, businesses are encouraged to examine whether their activities fall within the scope of the GDPR and, if so, to use the transition period, until the GDPR becomes applicable, in order to ensure that their policies and practices are aligned with the requirements of the GDPR.

 

Gornitzky’s Cyber-Security, Privacy and Data Protection team offers clients a well-rounded multidisciplinary approach to navigating the emerging regulatory and legal frameworks in the field of cyber security, privacy and data protection.

 

 

For further information on these developments, please feel free to contact: Timor Belan (Partner), Assaf Harel (Associate)

 

Download as PDF

 

This client update is designed to provide general information only, is not a full or complete analysis of the matters presented, and may not be relied upon as legal advice.

June 10th, 2012

Current regulation of publicly-traded companies is extremely cumbersome, especially for smaller companies, thus imposing enormous costs and creating significant barriers on the ability of such companies to raise capital. Following the recently enacted American CROWDFUND Act and JOBS Act, authors Dr. Zvi Gabbay (Partner) and Yoav Meer call for the adoption of similar measures by the Israeli legislature.

Current regulation of publicly-traded companies is extremely cumbersome, especially for smaller companies, thus imposing enormous costs and creating significant barriers on the ability of such companies to raise capital. Following the recently enacted American CROWDFUND Act and JOBS Act, authors Dr. Zvi Gabbay (Partner) and Yoav Meer call for the adoption of similar measures by the Israeli legislature, including allowing certain companies to raise money through crowdfunding (without considering such action a "public offering") and by providing regulatory exemptions to emerging growth companies and mini-offerings.

Hebrew Item
June 10th, 2012

Eyal Raz and Yisrael Spero analyze the right of first refusal as used in the corporate realm and interpreted by the Israeli courts, specifically, with regard to the revocability of the right. The authors challenge the Israeli courts' existing legal position, arguing that an offer given within the framework of a right of first refusal does not justify an irrevocable offer mechanism.

The article analyzes the right of first refusal as it used in the corporate realm and as interpreted by the Israeli courts, specifically, with regard to the revocability of the right. Authors Eyal Raz and Yisrael Spero challenge the Israeli courts' existing legal position, arguing that an offer given within the framework of a right of first refusal does not justify an irrevocable offer mechanism, given the right's underlying rationales and its particular attributes.

Hebrew Item