The General Data Protection Regulation (“GDPR”) comes into force on May 25, 2018. It replaces current EU privacy laws under the European Data Protection Directive, and applies to the processing of personal data of individuals in the EU.


An explanation of what GDPR is and why it is important (4:08)

What should U.S. companies be doing ahead of the May 25 GDPR deadline? (2:08)

With a dual-qualified US/UK attorney (Colorado and England and Wales) with over 20 years of EU privacy expertise, our team is uniquely qualified to counsel US and EU clients on data protection compliance, international privacy strategies, and the development of worldwide privacy and data protection policies and procedures.

How We Can Help

  • Analysis of the territorial reach of the General Data Protection Regulation (“GDPR”) to non-EU organizations, and associated jurisdictional issues.
  • Analysis of compliance obligations for non-EU entities under GDPR and pragmatic counseling on best practice for compliance strategies.
  • Managing the transfer of personal data between the EU and the U.S., in light of the EU Privacy Shield, GDPR, and any legislative changes that may arise as a result of BREXIT.
  • Analysis and counseling regarding GDPR compliance obligations with respect to the appointment of data protection officers and EU representatives, lawful processing, accountability, security, cooperation and consultation, breach notification, data subject rights and transfers of personal data to third countries.
  • Compliance counseling, information governance and regulatory guidance at international, federal, state, and local levels.
  • M&A diligence related to privacy and data protection concerns.
  • Drafting of GDPR-related clauses in M&A and other commercial transactions.
  • Advice related to GDPR compliance policies and procedures, and provision of training related to the same.
  • Establishing corporate governance policies and procedures that implement, adhere to, and monitor updated information and cybersecurity programs.

Recent Experience

  • Analysis of the territorial reach of GDPR to an international airline, and advice regarding establishment of a GDPR compliance program.
  • Analysis of the territorial reach of GDPR to certain US government contractors and advice relating to the processing of healthcare information for research purposes.
  • Analysis of the territorial reach of GDPR to US affiliates of an international hospitality brand.
  • GDPR and privacy M&A due diligence advice to an international company in connection with its purchase of a US-based entity.
  • GDPR compliance and privacy-related advice for an international software company.
  • Preparation of data processing addenda for both data processors and data controllers, in each case including GDPR flow-down provisions.
  • Preparation of GDPR-compliant privacy policies.

GDPR and Privacy Counseling Publications

