SlideShare a Scribd company logo

How To Do Data Transfers Between EU-US in 2023

TrustArc
TrustArc

This document provides an overview and agenda for a webinar on how to do data transfers between the EU and US in 2023. It discusses where the EU-US data transfer framework currently stands, what additional safeguards are still needed according to European regulators, and differences between UK and EU GDPR. Attendees are polled on their previous and current use of data transfer mechanisms. The speakers will cover what constitutes a data transfer, the expected new EU-US data privacy framework agreement, Standard Contractual Clauses and other tools for international data transfers, and additional safeguards organizations have implemented.

Technology
1 of 17
Download to read offline
1 1 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
2 2 © 2022 TrustArc Inc. Proprietary and Confidential Information. How To Do Data Transfers Between EU-US in 2023
3 3 Speakers Ralph T O’Brien Principal Consultant - Europe TrustArc Meaghan McCluskey Associate General Counsel - Research TrustArc
4 4 Agenda • What are data transfers • Where does the EU-U.S. Data Transfer Framework stand today? • What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • UK GDPR vs EU GDPR • How SCCs can be used for cross-border data transfers • Risk mitigation for international data transfers
5 5 Polling Question: Has your company previously been involved in transferring personal data between the EU and US?
6 6 • The EDPB has identified three criteria that qualify a processing as a transfer: 1. A controller or a processor is subject to the GDPR for the given processing. 2. This controller or processor (“exporter”) discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”). 3. The importer is in a third country or is an international organisation, irrespective of whether or not this importer is subject to the GDPR in respect of the given processing in accordance with Article 3. • A transfer requires ○ Movement from a organisation (exporter) to organisation (importer) ○ ie. C-P, P-C, P-P, C-C… ○ Need to consider onward transfers ○ Regardless of GDPR coverage due to extra territorial extent • Direct collection NOT a transfer • Employees taking laptops abroad NOT a transfer • Remote support from India (example) IS a transfer • Processor in EU subject to US authorities COULD be a transfer! https://edpb.europa.eu/system/files/2023-02/edpb_guidelines_05-2021_interplay_between_the_application_of_art3-chapter_v_of_the_gdpr_v2_en_0.pdf What Is and Isn’t a Transfer
7 7 Polling Question: What are you currently using for the transfer of personal data between the EU and US?
8 8 • A new EU-U.S. transatlantic data flow agreement is expected to be finalized by the Fall of 2023 • The EU-U.S. Data Privacy Framework will enable the flow of personal data from ‘data exporters’ in the EU to ‘data importers’ in the U.S. who have signed up to the agreement • The Framework offers a flexible alternative to the European Commission’s Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), which multinationals with a presence inside and out of the EU must otherwise use to share personal data (absent some small exceptions) Where Does The EU-U.S. Data Transfer Framework Stand Today?
9 9 What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • Protections against automated decision making • Restrictions on bulk collection & retention • Independent redress mechanism
10 10 Polling Question: Which additional safeguards have you implemented to mitigate the risks associated with international data transfers between the EU and US?
11 11 12th July 1984 Data Protection Act Only Computerised data Based on CoE Conv 108 16th July 1998 Data Protection Act Manual data, more rights Based on 95/46/EC (EU DPD) (Later the PECR in 2003, in response to EU ePrivacy Directive 2002) HRA 1998 - general right 24th May 2018 Data Protection Act Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR) Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc. New Data Protection Charges and Regulations. Fees. 1st January 2021 EU Exit Amendments Jan 1st 2021 - “UK GDPR” processing earlier subject to “EU GDPR” The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020 Amends DP and PECR ?? ??? 2023 Data Protection and Digital Information Bill announced in Queen’s Speech June 2022 Based on DCMS Consultation “Data: A new Direction” Sept 2021 A further layer of track changes! UK Data Protection History Data Protection laws
12 12 UK’s DATA PROTECTION ACT 2018… AS AMENDED BY... THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019 AS AMENDED BY… THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020 KEELING SCHEDULE = A TRACK CHANGES DOCUMENT UK GDPR versus EU GDPR EVERYTHING AND NOTHING CHANGED!
13 13 • ICO no longer an EU supervisory body, Cannot attend EDPB • Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc) • UK now a “Third Country”, granted six months to gain adequacy by European Commission • UK DSIT takes on “EC role” including the power to grant UK adequacy decisions • UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses” • New ICO John Edwards took up post in Jan 2021 • ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex Real Changes… 1st January 2020+ = UK GDPR
14 14 Polling Question: Which data protection regulations do you think will have the greatest impact on international data transfers between the EU and US in 2023?
15 15 How To Do Cross-Border Data Transfers Re-evaluate at appropriate intervals Take formal procedural steps Identify and adopt supplementary measures Assess sufficiency of non-EEA protections Verify the transfer tool Know your transfers STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 STEP 6
16 16 Q&A
17 17 Thank You! See http://www.trustarc.com/insightseries for the 2023 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.

Recommended

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
SPIN Chennai
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 

Recommended

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
SPIN Chennai
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
GDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdfGDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Data protection
Data protectionData protection
Data protection
RaviPrashant5
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
Matthew Butler
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
Jane Lambert
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
Eryk Budi Pratama
 
Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018
Pierre Ammeloot
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
Martin Hawksey
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
GDPR 2.0 - Data Controllers v Processors
GDPR 2.0 - Data Controllers v ProcessorsGDPR 2.0 - Data Controllers v Processors
GDPR 2.0 - Data Controllers v Processors
Adam Wood
 
Data protection
Data protectionData protection
Data protection
Lewis Silkin
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
Gydeline Ltd
 
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data TransfersGeneral Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
pi
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
Marketing Team at Crown Worldwide Group
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
Unisys Corporation
 
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR ReformsTrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 

More Related Content

What's hot

General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 

What's hot (20)

GDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdfGDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdf
 
Data protection
Data protectionData protection
Data protection
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
 
Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
GDPR
GDPRGDPR
GDPR
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
GDPR 2.0 - Data Controllers v Processors
GDPR 2.0 - Data Controllers v ProcessorsGDPR 2.0 - Data Controllers v Processors
GDPR 2.0 - Data Controllers v Processors
 
Data protection
Data protectionData protection
Data protection
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
 
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data TransfersGeneral Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 

Similar to How To Do Data Transfers Between EU-US in 2023

Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New Normal
Executive Leaders Network
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
TrustArc
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
Paul Richards
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
Keith Purves
 
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptxISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
PECB
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
TrustArc
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
John Nas
 
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
Spoon London
 

Similar to How To Do Data Transfers Between EU-US in 2023 (20)

TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR ReformsTrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New Normal
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptxISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
EU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh NetworksEU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh Networks
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Brexit Webinar Series 3
Brexit Webinar Series 3Brexit Webinar Series 3
Brexit Webinar Series 3
 
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
 
28014_EY Safe Harbor_UK
28014_EY Safe Harbor_UK28014_EY Safe Harbor_UK
28014_EY Safe Harbor_UK
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 

More from TrustArc

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
TrustArc
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
TrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
TrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
TrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
TrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
TrustArc
 

More from TrustArc (20)

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

How To Do Data Transfers Between EU-US in 2023

  • 1. 1 1 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 2. 2 2 © 2022 TrustArc Inc. Proprietary and Confidential Information. How To Do Data Transfers Between EU-US in 2023
  • 3. 3 3 Speakers Ralph T O’Brien Principal Consultant - Europe TrustArc Meaghan McCluskey Associate General Counsel - Research TrustArc
  • 4. 4 4 Agenda • What are data transfers • Where does the EU-U.S. Data Transfer Framework stand today? • What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • UK GDPR vs EU GDPR • How SCCs can be used for cross-border data transfers • Risk mitigation for international data transfers
  • 5. 5 5 Polling Question: Has your company previously been involved in transferring personal data between the EU and US?
  • 6. 6 6 • The EDPB has identified three criteria that qualify a processing as a transfer: 1. A controller or a processor is subject to the GDPR for the given processing. 2. This controller or processor (“exporter”) discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”). 3. The importer is in a third country or is an international organisation, irrespective of whether or not this importer is subject to the GDPR in respect of the given processing in accordance with Article 3. • A transfer requires ○ Movement from a organisation (exporter) to organisation (importer) ○ ie. C-P, P-C, P-P, C-C… ○ Need to consider onward transfers ○ Regardless of GDPR coverage due to extra territorial extent • Direct collection NOT a transfer • Employees taking laptops abroad NOT a transfer • Remote support from India (example) IS a transfer • Processor in EU subject to US authorities COULD be a transfer! https://edpb.europa.eu/system/files/2023-02/edpb_guidelines_05-2021_interplay_between_the_application_of_art3-chapter_v_of_the_gdpr_v2_en_0.pdf What Is and Isn’t a Transfer
  • 7. 7 7 Polling Question: What are you currently using for the transfer of personal data between the EU and US?
  • 8. 8 8 • A new EU-U.S. transatlantic data flow agreement is expected to be finalized by the Fall of 2023 • The EU-U.S. Data Privacy Framework will enable the flow of personal data from ‘data exporters’ in the EU to ‘data importers’ in the U.S. who have signed up to the agreement • The Framework offers a flexible alternative to the European Commission’s Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), which multinationals with a presence inside and out of the EU must otherwise use to share personal data (absent some small exceptions) Where Does The EU-U.S. Data Transfer Framework Stand Today?
  • 9. 9 9 What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • Protections against automated decision making • Restrictions on bulk collection & retention • Independent redress mechanism
  • 10. 10 10 Polling Question: Which additional safeguards have you implemented to mitigate the risks associated with international data transfers between the EU and US?
  • 11. 11 11 12th July 1984 Data Protection Act Only Computerised data Based on CoE Conv 108 16th July 1998 Data Protection Act Manual data, more rights Based on 95/46/EC (EU DPD) (Later the PECR in 2003, in response to EU ePrivacy Directive 2002) HRA 1998 - general right 24th May 2018 Data Protection Act Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR) Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc. New Data Protection Charges and Regulations. Fees. 1st January 2021 EU Exit Amendments Jan 1st 2021 - “UK GDPR” processing earlier subject to “EU GDPR” The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020 Amends DP and PECR ?? ??? 2023 Data Protection and Digital Information Bill announced in Queen’s Speech June 2022 Based on DCMS Consultation “Data: A new Direction” Sept 2021 A further layer of track changes! UK Data Protection History Data Protection laws
  • 12. 12 12 UK’s DATA PROTECTION ACT 2018… AS AMENDED BY... THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019 AS AMENDED BY… THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020 KEELING SCHEDULE = A TRACK CHANGES DOCUMENT UK GDPR versus EU GDPR EVERYTHING AND NOTHING CHANGED!
  • 13. 13 13 • ICO no longer an EU supervisory body, Cannot attend EDPB • Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc) • UK now a “Third Country”, granted six months to gain adequacy by European Commission • UK DSIT takes on “EC role” including the power to grant UK adequacy decisions • UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses” • New ICO John Edwards took up post in Jan 2021 • ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex Real Changes… 1st January 2020+ = UK GDPR
  • 14. 14 14 Polling Question: Which data protection regulations do you think will have the greatest impact on international data transfers between the EU and US in 2023?
  • 15. 15 15 How To Do Cross-Border Data Transfers Re-evaluate at appropriate intervals Take formal procedural steps Identify and adopt supplementary measures Assess sufficiency of non-EEA protections Verify the transfer tool Know your transfers STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 STEP 6
  • 17. 17 17 Thank You! See http://www.trustarc.com/insightseries for the 2023 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.