Expanded Scope
Applies to all EU organizations that control or process the personal data of EU residents. It also applies to non-EU companies whose processing activities relate to the offering of goods and services or behavior monitoring in the EU.
Data Governance Requirements
Obligations include conducting privacy impact assessments, audits and policy reviews; maintaining activity records; and, in certain circumstances, appointing a data protection officer.
Independent Liability for Processors
The GDPR extends liability to processors and imposes requirements for data processing agreements, controller instructions, and recordkeeping and consent when using sub-processors.
Expanded Rights of Data Subjects
Subjects have the right to understand what personal data is being held, withdraw consent, and request the deletion of all personal information.
Lawful Grounds for Processing
Establishes the lawful bases for which companies may process personal data and mechanisms for data transfers.
Meet Our Expert
Jamie Brown
Vice President of Global Advisory Services
As the Vice President of Global Advisory Services, Jamie focuses on information law, compliance, and governance issues. She has more than 17 years of in-house, government, and law firm experience, which she draws upon to advise corporations, particularly those in heavily regulated industries, on legal and compliance risk mitigation strategies. Common areas include ediscovery, digital investigations, data protection, legacy data remediation, and IT transformation initiatives.
Jamie has worked for several leading financial institutions, including UBS in New York, where she was an Executive Director in Legal and Compliance and responsible for designing, implementing, and managing a centralized litigation and investigations response program to support the firm’s litigation and investigation matters worldwide. Jamie also worked for Barclays, leading and implementing a global program to reduce legal, regulatory, and privacy risk associated with legacy systems and data.
Prior to corporate, Jamie spent several years in government service, first as a trial attorney in the Division of Enforcement at the U.S. Commodity Futures Trading Commission in Washington, D.C., and later, as Assistant General Counsel for the Agency, where she advised Enforcement attorneys on investigation techniques, strategies, and protocols on cases with global prominence. She also managed several key congressional investigations, Inspector General investigations, and internal investigations, including advising the Commission on strategy and risk mitigation.
Jamie has testified in federal court and has qualified as an ediscovery expert. In her corporate and government roles, she served as a 30(b)(6) designee for formal and informal testimony, and regularly interfaced with regulators and Congress on ediscovery strategy and internal practices. Independently, Jamie has advised corporate legal departments on ediscovery best practices and operating model development and enhancement, particularly in the face of regulatory scrutiny.
Jamie began her career as a litigation and government investigations associate at King and Spalding in Washington, D.C., and later, was a litigation partner at Fennemore Craig, in Phoenix, Arizona. Jamie is a graduate of Duke Law School and Arizona State University and a former law clerk to the Honorable Roslyn O. Silver of the U.S. District Court for the District of Arizona. She is a frequent speaker and lecturer at educational events and legal conferences internationally.
