radius-global-growth-experts
EU DATA PROTECTION REQUIREMENTS POST-SAFE HARBOR: NOW WHAT?
2015 introduced some remarkable changes in the global regulatory
environment, the most noteworthy being the European court ruling that invalidated
the EU-US Safe Harbor agreement.
This has left many businesses scrambling to determine what they
must do to comply with Europe’s strict data protection laws.
EU member states have domestic laws that enforce the EU Data
Privacy Directive.
Listen to the webinar
The laws apply to a “Data Controller who processes the personal data of
an EU Data Subject”
How does this affect US and other non-EU organizations?
A data controller must abide by the laws of the member state in which
they are established.
“Establishment” in relation to data
protection is easily triggered — simply
using equipment in the EU can be enough.
All statutory responsibility and liability for the data, even when it
is transferred to other third parties or countries, remains with the
data controller.
Data controllers are prohibited from transferring EU data to countries
with less robust protection.
In order for this data transfer to be legal, one of the following security measures must be implemented.
Consent: Express individual consent for each and every transfer of data, which needs to be “unambiguous and freely given” and can be withdrawn any time.
Standard Clauses: EU standard clauses bind the importer contractually to EU statutory standards, provide data subjects with third-party beneficiary rights and open the importer to audits and full disclosure of sub-processors — with no limits on liability.
Binding Corporate Rules: Developing Binding Corporate Rules involves a big investment of time and energy and is most suitable for large multinationals with a complex matrix of affiliated companies. It is not suitable for transfers to third parties.
Which security measure should I use?
If you are an EU data controller, don’t get blindsided by safe harbor.
Ensure that your other data protection requirements are
fulfilled in each country in which you are a data controller.
EU data protection requires compliance in four key areas.
Collection: Full notification for the reasons why data is being collected and what is going to happen to that data as well as evidence of the individual’s consent.
Handling: Once data has been collected, a controller must have adequate systems in place to ensure that it is handled in accordance with the law — having and following a compliant internal data protection policy is an absolute minimum.
Transfer: You remain responsible even when the data is being processed by your third party vendors, so make sure you only select vendors that have robust internal security controls.
Registration: EU member states require a data controller to be registered if they are established there.
EU data subjects are now hypersensitive to data privacy — they know
their rights and they want to know that companies are complying.
The primary threat to your business comes from individual claims rather
than regulatory investigations.
Think data protection PR! Ensure individuals do not have a reason to question your data privacy standards. Avoid this by making sure data subjects receive notification and consent statements and have access to a comprehensive data privacy policy. Also ensure that you are registered as a data controller.
Be mindful that the EU data protection landscape will
change in the future.
The legitimacy of EU standard clauses may be challenged and new EU data protection regulations will likely be introduced. EU-based data centers are also becoming more common.
If the recent European court ruling on Safe Harbor has affected your business or made
you aware of EU data privacy duties you never thought you had, listen to our webinar
to learn about life after Safe Harbor.
www.radiusworldwide.com