Note: This is the eighth post in an ongoing series on GDPR. We’ll be preparing you all the way to May 2018 on topics like: Privacy Protection and Breach Notification, GDPR Compliance Strategies, GDPR Enforcement and Penalties, Potential GDPR Costs, GDPR Auditing and more.
GDPR News & Notes and Compliance Updates
Only one month left!!! As the date for compliance with the European Union’s (EU) General Data Protection Regulation (GDPR), 25 May 2018, quickly approaches, companies and organizations that are impacted by GDPR should be well on their way to compliance. Today we will look at some items in the news regarding GDPR and compliance updates. We are going to cover the EU-U.S. Privacy Shield Framework and how it affects GDPR compliance.
The U.S. and EU have consistently had varying views on privacy and data protection. The EU’s stance on the transfer of EU citizen data outside of the EU has often been tied to its view of the origin country’s privacy laws. The EU determined the U.S. privacy laws were not sufficient. The original framework for data transfers, Safe Harbour, was born to help organizations navigate the data transfer waters. Privacy Shield, which was agreed to in 2016 and is reviewed for updates annually, is a framework for data transfers between the U.S. and EU. It replaced the Safe Harbour framework after the EU determined that Safe Harbour did not sufficiently protect privacy and data.
One of the determinations that the EU makes regarding allowing data transfers outside of the EU is whether the country offers an adequate level of data protection. Companies and organizations have the ability to join the Privacy Shield Framework and thus enjoy the benefit of meeting the adequacy determination, as the EU has deemed that the Privacy Shield framework meets the obligations. Another benefit is that requirements for approval of data transfers are waived, as all Member States of the EU recognize Privacy Shield. Privacy Shield can be a cost-effective way to meet the obligations to transfer data.
Being certified under Privacy Shield definitely provides an understanding of the stringent requirements from the EU based on its view of privacy and data protection, but it does not fully encompass GDPR or guarantee full GDPR compliance. It does, however, at a minimum give a decent head start to companies that are and have been a part of Privacy Shield.
Every day, private citizens are becoming more educated about privacy, their personal data, and what companies and organizations do with that data. With every data breach, citizens become less trusting that organizations are doing everything they can to protect the data. The EU has taken a more stringent stance on the protection of private citizens’ data, and with the impending GDPR timeline of 25 May 2018, that serious stance will apply to U.S. companies and organizations. There are still uncertainties about how GDPR will be enforced, and many countries still use a patchwork of industry regulations to increase data security. As it pertains to the EU and its citizens, though, data protection and rights to privacy are taking center stage. Companies must remain aware of changes to Privacy Shield and GDPR best practices moving forward.