eu data protection requirements post-safe harbor

EU DATA PROTECTION REQUIREMENTS POST-SAFE HARBORNOW WHAT?

2015 introduced some remarkable changes in the global regulatory

environment, the most noteworthy being the European court ruling that invalidated

the EU-US Safe Harbor agreement.

http://www.radiusworldwide.com

This has left many businesses scrambling to determine what they

must do to comply with Europe’s strict data protection laws.

EU member states have domestic laws that enforce the EU Data

Privacy Directive.

Listen to the webinar

http://www.radiusworldwide.com/knowledge/events/webinar-data-protection-safe-harbor-2015?&utm_source=Slideshare&utm_medium=Social&utm_term=DataProtect&utm_content=webinar&utm_campaign=Webinar.DataProtect.2015.11

The laws apply to a “Data Controller who processes the personal data of

an EU Data Subject”

How does this affect US and other non-EU organizations?

A data controller must abide by the laws of the member state in which

they are established.

“Establishment” in relation to data

protection is easily triggered — simply

using equipment in the EU can be enough.

All statutory responsibility and liability for the data, even when it

is transferred to other third parties or countries, remains with the

data controller.

Data controllers are prohibited from transferring EU data to countries

with less robust protection.

In order for this data transfer to be legal, one of the following security measures must be implemented.

ConsentExpress individual consent for each and every transfer of data, which needs to be “unambiguous and freely given” and can be withdrawn any time.

Standard ClausesEU standard clauses bind the importer contractually to EU statutory standards, provide data subjects with third-party beneficiary rights and open the importer to audits and full disclosure of sub-processors — with no limits on liability.

Binding Corporate RulesDeveloping Binding Corporate Rules involves a big investment of time and energy and is most suitable for large multinationals with a complex matrix of affiliated companies. It is not suitable for transfers to third parties.

Which security measure should I use?

If you are an EU data controller, don’t get blindsided by safe harbor.

Ensure that your other data protection requirements are

fulfilled in each country in which you are a data controller.

EU data protection requires compliance in four key areas.

CollectionFull notification for the reasons why data is being collected and what is going to happen to that data as well as evidence of the individual’s consent.

HandlingOnce data has been collected, a controller must have adequate systems in place to ensure that it is handled in accordance with the law — having and following a compliant internal data protection policy is an absolute minimum.

TransferYou remain responsible even when the data is being processed by your third party vendors, so make sure you only select vendors that have robust internal security controls.

RegistrationEU member states require a data controller to be registered if they are established there.

EU data subjects are now hyper sensitive to data privacy — they know

their rights and they want to know that companies are complying.

The primary threat to your business comes from individual claims rather

than regulatory investigations.

Think data protection PR! Ensure individuals do not have a reason to question your data privacy standards. Avoid this by making sure data subjects receive notification and consent statements and have access to a comprehensive data privacy policy. Also ensure that you are registered as a data controller.

Be mindful that the EU data protection landscape will

change in the future.

The legitimacy of EU standard clauses may be challenged and new EU data protection regulations will likely be introduced. EU-based data centers are also becoming more common.

If the recent European court ruling on Safe Harbor has affected your business or made

you aware of EU data privacy duties you never thought you had, listen to our webinar

to learn about life after Safe Harbor.

Get global updates and other important information delivered to your email.

www.radiusworldwide.com

Subscribe to the Blog

http://www.radiusworldwide.com/

https://www.facebook.com/RadiusWW

https://www.linkedin.com/company/radius-worldwide

https://plus.google.com/+Radiusworldwide/posts

https://twitter.com/RadiusWW

http://www.radiusworldwide.com/content/radius-blog-subscription?&utm_source=Slideshare&utm_medium=Social&utm_term=Blog&utm_content=blogsubscribe&utm_campaign=blog.subscribe.2015.10