GDPR & EU Data Transfer Privacy Assessments
The Privacy Shield, the replacement for the defunct Safe Harbor mechanism for international transfers outside the EU, has been considered by several data protection authorities and the Article 29 Working Party to provide insufficient levels of protection for Europeans’ personal data.
Companies should begin planning and implementing measures to be ready for the new General Data Protection Regulation, due by the Northern Summer of 2018. The higher standards of protection for personal data, as well as the extremely high penalties imposed by the new regulation, will be reflected in any new mechanism that is approved for cross-border transfers.
What can companies do while waiting for further developments?
The two mechanisms still available to allow data flows to third parties present some limitations. While Binding Corporate Rules can only be used within the confines of a multinational corporate group and require considerable time and investment to prepare, Standard Contract Clauses require a separate agreement, without any variations, with each recipient of the data outside the EU. They are not going to be sufficient to face the changes precipitated by the new GDPR.
Privalis Group can assist your business:
- To review internal data protection practices and bring them more in line with the new regulatory demands while continuing to consider any pre-existing efforts to establish Binding Corporate Rules or Standard Contract Clauses.
- To design jurisdictional solutions (such as EU-based hosting facilities and data sharing arrangements) pending a final solution to the cross-border transfers.
- To act as your company's Data Protection Officer or assist in the design and articulation of your company's Data Protection Office as the central figure driving compliance initiatives in the international regulatory field.