2015 introduced some remarkable changes in the global regulatory environment, the most noteworthy being the European court ruling that invalidated the EU-US Safe Harbor Agreement. This has left many businesses scrambling to determine what they must do to comply with Europe's strict data protection laws.
4. EU member states have domestic laws that enforce the EU Data Privacy Directive.
5. The laws apply to a “Data Controller who processes the personal data of an EU Data Subject”
6. How does this affect US and other non-EU organizations?
7. A data controller must abide by the laws of the member state in which they are established.
8. “Establishment” in relation to data protection is easily triggered — simply using equipment in the EU can be enough.
9. All statutory responsibility and liability for the data, even when it is transferred to other third parties or countries, remains with the data controller.
10. Data controllers are prohibited from transferring EU data to countries with less robust protection.
11. In order for this data transfer to be legal, one of the following security measures must be implemented.
12. Consent
Express individual consent for each and every transfer of data, which needs to be “unambiguous and freely given” and can be withdrawn at any time.
13. Standard Clauses
EU standard clauses bind the importer contractually to EU statutory standards, provide data subjects with third-party beneficiary rights and open the importer to audits and full disclosure of sub-processors — with no limits on liability.
14. Binding Corporate Rules
Developing Binding Corporate Rules involves a big investment of time and energy and is most suitable for large multinationals with a complex matrix of affiliated companies. It is not suitable for transfers to third parties.
16. If you are an EU data controller, don’t get blindsided by safe harbor.
17. Ensure that your other data protection requirements are fulfilled in each country in which you are a data controller.
18. EU data protection requires compliance in four key areas.
19. Collection
Full notification for the reasons why data is being collected and what is going to happen to that data as well as evidence of the individual’s consent.
20. Handling
Once data has been collected, a controller must have adequate systems in place to ensure that it is handled in accordance with the law — having and following a compliant internal data protection policy is an absolute minimum.
21. Transfer
You remain responsible even when the data is being processed by your third party vendors, so make sure you only select vendors that have robust internal security controls.
22. Registration
EU member states require a data controller to be registered if they are established there.
23. EU data subjects are now hypersensitive to data privacy — they know their rights and they want to know that companies are complying.
24. The primary threat to your business comes from individual claims rather than regulatory investigations.
25. Think data protection PR!
Ensure individuals do not have a reason to question your data privacy standards. Avoid this by making sure data subjects receive notification and consent statements and have access to a comprehensive data privacy policy. Also ensure that you are registered as a data controller.
26. Be mindful that the EU data protection landscape will change in the future.
27. The legitimacy of EU standard clauses may be challenged and new EU data protection regulations will likely be introduced. EU-based data centers are also becoming more common.
28. If the recent European court ruling on Safe Harbor has affected your business or made you aware of EU data privacy duties you never thought you had, listen to our webinar to learn about life after Safe Harbor.
29. Get global updates and other important information delivered to your email.
www.radiusworldwide.com
If you have European operations, make sure you know your obligations.
HR Obligations Abroad: A Focus on Europe