How to Prepare for the General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (the “GDPR”) was adopted by the EU Parliament last April 14, 2016. The GDPR will replace the EU Data Protection Directive (95/46/EC), which was implemented more than 20 years ago. After a two year transition period to integrate the new obligations, the GDPR will be directly applicable in all EU Member States in June 2018.

The GDPR’s aim is to unify data protection law within the European Union and increase data subjects’ rights (I). This involves strengthened obligations for companies in terms of compliance (II), as well as extended powers of Data Protection Authorities (“DPA”) (III)….




Rules on Monitoring an Employee’s Private Internet Use at Work: A New ECHR Decision

In a decision rendered on January 12, 2016, the European Court of Human Rights (“ECHR”) held that the dismissal of an employee for having used his professional email account for personal purposes during working hours did not violate Article 8 of the European Convention on Human Rights1.

The applicant, a Romanian national, was employed by a private company from 2004 to 2007 as an engineer in charge of sales. At the employer’s request, he created a Yahoo Messenger account to respond to client enquiries. In July 2007, the employee was informed by his employer that his Yahoo Messenger account had been monitored for a week and the records showed that he had used the device for personal purpose, whereas the company internal regulations expressly prohibited the use of company device (e.g., computers, telephones) for personal purposes….delonbouquet