In May 2018 - merely 14 months from now - the European Union’s (EU) General Data Protection Regulation (GDPR) will go into effect. Organizations established in the European Economic Area (EEA) are subject to the GDPR and must abide by its rules with respect to the collection, processing, and transfer of personal data. And as we explained last year, health care and other organizations not established in the EEA that collect or process European personal data (by offering goods or services to individuals in the EEA or monitoring their behavior) are also subject to the GDPR - a controversial extraterritorial reach.
*This alert was originally posted on Arent Fox's Health Care Counsel blog. To read this alert in its entirety, please click here.