Practical Tips on GDPR for Intellectual Property Attorneys
| Author | Patrick Wheeler - Mette Marie Kennedy |
| Position | Patrick Wheeler is a partner at Collyer Bristow LLP and heads the Intellectual Property and Data Privacy teams. His practice covers commercial agreements, regulatory compliance, litigation, and ADR. He can be reached at patrick.wheeler@collyerbristow. com. Mette Marie Kennedy is an associate at Collyer Bristow LLP in the Intellectual Property... |
| Pages | 52-55 |
Published in Landslide® magazine, Volume 11, Number 3, a publication of the ABA Section of Intellectual Property Law (ABA-IPL), ©2018 by the American Bar Association. Reproduced with permission. All rights reserved.
This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.
of regulatory bodies to issue nes as part of their enforcement
powers. The maximum ne that can be imposed is the greater
of €20 million (approximately US$22 million) or 4 percent of
worldwide turnover of a corporate group.
This article examines some issues that may be of particu-
lar interest or concern to intellectual property practitioners in
a variety of different contexts, and provides some practical
tips to assist in complying with the GDPR.
Personal Data Required for Intellectual Property
Applications and Registrations
Under the GDPR, intellectual property attorneys will need
valid legal grounds to collect, keep, and communicate per-
sonal data5 about individuals and to share those data with
anyone else. This includes patent, trademark, and design
ofces; overseas attorneys; corporate or institutional clients;
opponents; or any other third-party service providers.
One key question for intellectual property practitioners will
be whether they are acting as joint or sole data controllers, or as
data processors of personal data. The distinction between them
is easy to state but hard to apply. A controller is responsible for
determining the purposes and means of processing personal
data, while a processor does not decide the purposes of process-
ing (although it may decide the means) but rather undertakes the
processing on behalf of a controller. A straightforward illustra-
tion is the situation where a business outsources its payroll to
an IT services company. The business will be the controller of
the personal data of its employees. It alone will determine that it
Patrick Wheeler is a partner at Collyer Bristow LLP and heads
the Intellectual Property and Data Privacy teams. His practice
covers commercial agreements, regulatory compliance, litigation,
and ADR. He can be reached at patrick.wheeler@collyerbristow.
com. Mette Marie Kennedy is an associate at Collyer Bristow LLP
in the Intellectual Property and Data Privacy teams. Her practice
encompasses both contentious and noncontentious matters across
the full range of intellectual property rights and data protection. She
can be reached at mettemarie.kennedy@collyerbristow.com.
Practical Tips
on
GDPR
for
Intellectual Property
Attorneys
By Patrick Wheeler and Mette Marie Kennedy
T
he General Data Protection
Regulation (GDPR) came into
force throughout the European Union (EU) on
May 25, 2018.1 Whether you are a “data con-
troller”2 or a “data processor”3 (see below),
it makes no difference that your business is
located outside the EU. The GDPR affects
all businesses that deal in any way with the
personal data of living individuals who are
located in the EU.
The regulatory requirements of the GDPR
should therefore be observed not only by cli-
ents, but also by legal advisers in their dealings
with and on behalf of clients. While the changes in data privacy
law that have been introduced are properly described as “an
evolution in data protection, not a revolution,”4 the most sig-
nicant change and the reason why most businesses are paying
close attention to compliance is the greatly extended powers
To continue reading
Request your trial