An Approach for U.S. Companies to the GDPR

By. Michael H. Gladstone, Esq. 

Once GDPR applicability is determined, a host of significant responsibilities apply to US Controllers and Processors of EU subject personal data. The duties extend to the data subject, the EU and its supervising authority, and between Controllers and Processors. Significant adjustments may be required on both the security and informational side of Controller and Processor technology to comply with the notice and subject response obligations imposed on Controllers and Processors. The security by design concepts of the regulation will expose many gaps in current processing capacity. GDPR compliance management will become an administrative function in covered businesses whether or not they operate at a level requiring data processing assessments or designation of a DPO. Companies that resist compliance risk not just enforcement but loss of business relationships with customers obliged to comply.

Read More

GDPR Effective Date Imminent-Is Your Business Ready?

By: Michael H. Gladstone, Esq. 

On May 25, 2018, the European Union (EU)  “General Data Protection Regulation” (GDPR)  becomes effective.  Many U.S. businesses are just waking up to the possibility that this regulation may pertain to them. For U.S. entities with any contact with EU subjects and their personal data, the question whether the GDPR applies to them is a serious one which should be carefully studied. 

The GDPR imposes an extensive set of duties and burdens on “covered entities," and sets out breathtaking penalties for violation of the regulation. Breathtaking here means 4% of worldwide revenue, or 20 million Euros, not counting damages to the violated data subject. The scope of personal data covered by the regulation and utilized by data recipients and users (called “controllers” and “processors” of personal data) coupled with the GDPR’s  expanded territorial reach (compared to the predecessor EU rules concerning protection of personal data) ensures a significant number of U.S. businesses, which might intuitively or superficially conclude otherwise, may be covered by the regulation. The GDPR presents an unprecedented effort by a governmental unit to protect the privacy of its subjects’ personal data.  

Read More

McCandlish Holton Attorney Successful in Corporate Dissolution Suit

McCandlish Holton Director Michael H. Gladstone successfully represented a Virginia business in a corporate dissolution suit involving 50/50 shareholders instituted in the Richmond Circuit Court by the client’s former business partner. Two businesses, a corporation and a LLC, were implicated by the allegations of the complaint but the suit only addressed the corporation.  Counterclaims were filed and competing  purchase elections were made by the parties under Va. Code Section 13.1-749.1, presenting a case of apparent first impression to the trial Court.  Cooperative agreements between the parties and  counsel avoided expensive formal discovery.  Factual development of the case favored the client and the matter resolved through an advantageous sale of the client’s interest in both businesses to the original plaintiff.

Read More

McCandlish Holton Attorney Successfully Represented a Virginia Business

McCandlish Holton Director Michael H. Gladstone successfully represented a Virginia business in a claim removed from state court to the U.S. District Court on a life insurance policy covering one of the company’s key executives. The policy death benefit exceeded $1,000,000.  The insurer had denied the claim alleging material misrepresentations by the decedent in answering health-related questions on the insurance application.  After discovery depositions of several of the insurer’s executives, the litigation was resolved at mediation, avoiding the necessity of a trial. 

Read More