The document discusses upcoming changes to data protection legislation in Europe and the implications for companies. The EU General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive in May 2018, imposing stricter rules around data collection, use, and transfers. It also discusses the replacement of the invalidated US-EU Safe Harbor agreement with the new EU-US Privacy Shield framework and the uncertainty caused by Brexit. The implications are that companies will need to devote more resources to data compliance, and that mobile ediscovery solutions may help address issues around cross-border data transfers and GDPR requirements.
Read about the data privacy protection & advisory in India - evolving rights and obligations related to data privacy & the implementation of data protection reforms.
"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
General Data Protection Regulation: what do you need to do to get prepared? -... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
New General Data Protection Regulation (Agnes Andersson Hammarstrand) - Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Privacy is not a choice and it should not be the price paid for our access to internet. We live in an era where everything is digitalized and anybody and everybody, from a child to a 70 year old, accesses the same on a regular basis. Great advances in the technological field constitute a greater danger to the privacy of every individual. The constant question that arises is whether the data principal consents to the information provided and disseminated. Mercerization of personal information has opened pits of security breaches and data privacy problems. When one consents to provide his data, does he consent to the dissemination of the same? The very idea that consumers must make a trade off between privacy and security has been wiped away by the very enactment of the General Data Protection Regulation. This paper stands as proof that GDPR is the answer to all the data privacy questions and problems faced by the society. The author briefs through the history of enactment of the EU GDPR and its necessity. The paper brings out both the endless advantages of GDPR as well as the few disadvantages present. The extensive research on GDPR has prompted the author to attract attention to the key changes seen after the implementation of GDPR and the robust data privacy regime built by its awakening. The main cerebration of the authors by referring to the above submissions is that GDPR is a need of the hour and is for the betterment of the society as a whole. Pranaya Dayalu | M. Punnagai "GDPR: A Privacy Regime" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4, June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23460.pdf
Paper URL: https://www.ijtsrd.com/humanities-and-the-arts/other/23460/gdpr-a-privacy-regime/pranaya-dayalu
Data Privacy vs. National Security post Safe Harbor - Gayle Gorvett
Recent Developments in Transatlantic Data Privacy regulation including adoption of Privacy Shield, GDPR and increasing requests for data access for National Security
The EU Data Protection Regulation - what you need to know - Sophos Benelux
The upcoming EU Data Protection Regulation requires organisations worldwide to secure the data they manage and hold on European citizens. It is generally accepted that encryption is the best method of complying with this new regulation. If a breach occurs and you can demonstrate that all personal data was encrypted, the likelihood of receiving a fine from the EU is considerably reduced.
Many organisations have no idea what this new regulation entails or how they should prepare for these new rules. Is your organisation one of them?
Amid mounting criticism of Ireland’s privacy watchdog, top European Commission official Didier Reynders has come to Dublin’s defense, brushing off calls to penalize the country over claims it has failed to uphold Europeans’ privacy rights.
The defense, in a letter to MEPs, comes after lawmakers including Sophie in ‘t Veld and Tineke Strik from the Netherlands and Cornelia Ernst and Birgit Sippel from Germany urged the EU executive to open a disciplinary procedure against Dublin.
GIG Working Paper 02/2017 - The Definition of Personal Data - IAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ... - TrustArc
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
Brexit Data Protection Update: The EU, US and UK Perspective - TrustArc
On 31 January 2020, the United Kingdom left the European Union. For the first time since its creation, a member state has decided to leave the common market, and for now, it is uncertain what the future holds for current privacy legislation. The new relationship between the UK and the EU will be negotiated in the course of this year, with the agreed transition period ending on 31 December. During this period, GDPR will apply as if nothing has changed. But what will happen after?
This webinar will discuss the following topics:
-What does Brexit mean from a data protection perspective?
-What does it mean for the UK itself and for the position of the Information Commissioner’s Office?
-What will be the impact of Brexit for data flows to and from the remaining 27 EU Member States and the countries of the European Economic Area?
-And will there be any impact on the UK-US data flows?
What is GDPR, the EU’s new facts protection law? What is the GDPR? Europe’s new information privateness and safety regulation consist of heaps of pages’ really worth of new necessities for companies around the world. This GDPR summary can help you understand the law and determine what components of it follow to you. The General information Protection Regulation (GDPR) is the toughest privacy and safety regulation in the world.
Is it legal or illegal to use american cloud services in Europe?
Patricia Ayojedi's presentation about the controversy between the USA and Europe regarding cloud business.
With GDPR on the horizon, businesses are expressing concerns over the pressures to prepare ahead of the 25th May. However, the process of compliance needn’t be so overwhelming...
In January of this year, the European Commission revealed a draft of its European Data Protection Regulation to replace the previous Data Protection Directive.
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
PECB Webinar: The End of Safe Harbour! What happens Next? - PECB
The webinar covers:
• What is Safe Harbour, and how companies relied on it
• How the end of it will affect US firms
• What will happen next
• How companies will react
• The implications of this act
• What is the solution to this
Presenter:
This session was hosted by Mr. Graeme Parker, Managing Director of Parker Solutions Group, a PECB representative in the UK. Mr. Parker has more than 20 years of experience in information security and data privacy, and was also involved with many companies that relied on Safe Harbour.
Link of the recorded session published on YouTube: https://youtu.be/cbPUTVtxem0
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties
and avoid potentially costly penalties.”
6 Lesson GDPR Booklet from Varonis to help you get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
The Evolution of Data Privacy - A Symantec Information Security Perspective o... - Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing
cabinets than data rack enclosures. It’s time to evolve.
1. 10 | KROLL ONTRACK | Report
“May you live in interesting times” is reportedly
the English translation of a Chinese curse.
Uncertainty and upheaval are not always
conducive to prosperity or productivity,
and this sentiment is particularly applicable
for in-house counsel and data protection
officers working with data in 2016.
Planned changes
The evolution of data protection legislation is
cyclical. Technology develops; legislation follows.
This pattern is what led to the creation of the EU
General Data Protection Regulation (GDPR) which
will replace the incumbent European Data Protection
Directive (95/46/EC). Introduced in 1996, the EU
Data Protection Directive provided European Union
citizens with protections designed to work with
the explosion of computer use. However, with the
advent of social media, greater internet use and
growing public concern for data protection, the
directive has reached the end of its natural lifespan.
Its successor, the EU GDPR (the directive), has been
developed to offer better protection for citizens, to
harmonise data protection regulation across the
European Union and to simplify intra-EU working.
For those working with data, the GDPR has been
anticipated for the past three years. However, the
regulation was only finalised in 2016, giving companies
just two years until it is enforced in May 2018.
The main points of interest are:
■ Increased fines for breaches of the GDPR (up
to 4 percent of the annual global turnover).
■ A "privacy by design" provision requiring data
protection to be designed into business services.
Ensure that measures are taken to protect data
from the start of a client or customer engagement.
■ Explicit consent must be obtained for the collection
and processing of data. Contracts with clients or
customers should include a section on consent.
■ Multinational companies working across the
European Union will be required to appoint an
independent Data Protection Officer. This will be
a challenging role to fulfil given the breadth of
knowledge required to manage both IT systems and
be familiar with the legal aspects of the GDPR.
■ International companies based outside the European
Union, but which hold data inside the European
Union, will be subject to these regulations.
■ A "right to erasure". A client or customer has the
right to request the erasing of personal data.
■ Data will be prohibited from being transferred
outside the European Union without
approval from a supervisory body.1
The implications of GDPR will be widespread
and in-house counsel and compliance officers
will need to prioritise data protection, devoting
more time, and in some cases money, to ensuring
the conditions of the GDPR are being met. The
penalties for non-compliance are high, elevating
compliance with data protection law to a similar level
of importance as compliance with anti-trust laws.
No Man is an Island:
The Battle for Data Privacy
2. NEW FRONTIERS IN EDISCOVERY | 11
No port in a storm
In late 2015, the European Court of Justice declared
in the case Maximillian Schrems v. Data
Protection Commissioner (Case C-362/14)
that the “Safe Harbor Agreement” between the
European Union and the United States was invalid.
Schrems, an Austrian citizen, had concerns about
EU data being transferred from Facebook’s Irish
subsidiary to servers located in the United States.
He argued that the Safe Harbor agreement was
no longer sufficient in protecting the privacy of
European citizens, especially following Edward
Snowden’s revelations about the surveillance activities
of the United States Intelligence Community.
As the replacement legislation, the EU-U.S. Privacy
Shield was only finalised in July 2016, following
protracted discussions and a rejected draft agreement.
This left the 4,400 companies reliant on the agreement
in an uncertain legal position regarding transferring
data, relying on standard contractual clauses or
binding corporate rules for much of 2016.
EU-U.S. Privacy Shield
The finalised agreement shares some similarities
with the Safe Harbor. It relies on a similar approach
of self-certification but imposes significantly
greater obligations on participating organisations.
The basis for the agreement is centred on
the following seven privacy principles:
Notice: Organisations must provide individuals
with notice of the types of data collected and the
purposes of collection and be informed of third
parties who will receive their data, their right of
access to it and safeguards limiting the use and
disclosure of their personal data. The organisation
must also describe recourse mechanisms.
Choice: Organisations must provide clear and readily
available opt-out methods for disclosure of personal
data to third parties for purposes other than the one
for which it was originally collected. For sensitive
information (such as health information), individuals must
actively consent and opt in to their data being used.
Accountability for Onward Transfer: Privacy Shield
certificate holders must ensure that third-party contracts
include agreements that provide the same level of
protection as the organisation itself. They must agree
that data may only be processed for limited, specified
purposes consistent with the data subject’s consent.
The organisation will remain liable for a third party’s
violations unless it can prove that it was not responsible.
Security: Participating organisations need to
“take reasonable and appropriate measures to
protect [data] from loss, misuse and unauthorised
access, disclosure, alteration and destruction.”
These measures must be appropriate to the “risks
involved and the nature of the personal data.”
Data Integrity and Purpose Limitation: Data
collected must be “relevant for the purposes
of processing” and organisations must limit
collection to only relevant data, and it must
be accurate, complete, and current.
Access: Organisations must provide individuals
with access to their personal data and the
opportunity to correct, amend or delete information
that is inaccurate or processed in violation of
the principles outlined in Privacy Shield.
Recourse, Enforcement and Liability: The Privacy
Shield agreement contains detailed mechanisms for
recourse and dispute resolution and those seeking
self-certification will need to implement complaints
procedures that meet these strict requirements.
In addition to these principles, the EU-U.S. Privacy
Shield will also:
■ Introduce an Ombudsman to investigate any
complaints regarding access to data by the
United States Intelligence Community.
■ Conduct a joint annual review by the European Union
and Department of Commerce of the program.
Brexit wounds?
As the European Commission and the U.S. Department
of Justice battled it out over a replacement for Safe
Harbor, the United Kingdom sought to end a decades
old debate over whether or not the country should
leave the European Union by holding a referendum
on the issue. Defying predictions made by pollsters,
pundits and politicians alike, the result – which saw
52 percent of the electorate opting to leave – shocked
the world. For in-house counsel and compliance
officers operating in the European Union and United
Kingdom, the decision once again plunged proceedings
into uncertainty regarding data protection laws.
Unlike the current Directive, the GDPR will be
unilaterally adopted across EU member states,
raising two key questions for the United Kingdom:
■ What legislation will replace GDPR?
■ How would Britain do business with European
Union countries operating under GDPR?
The United Kingdom currently operates under the
Data Protection Act, 1998, which was enacted to
bring British law in line with the Directive. At the
time of writing, Britain has yet to trigger Article 50
and formally start exit proceedings. Prime Minister
Theresa May has stated she will not trigger Article
50 until at least the end of the year to allow time to
prepare for negotiations. Once Article 50 is triggered,
experts in European Union constitutional law predict
that it will take two years for the exit to be finalised.
During this transition period, it is likely that the Data
Protection Act, 1998 will remain unchanged.
At first glance, no longer being subject to the
stringent conditions of GDPR may seem like a
positive consequence of Brexit. However, Brexit
is not simply a case of “in” or “out” and many of
the potential consequences of leaving depend on
whether or not Britain becomes part of the European
Economic Area (EEA) or completely severs ties.
If Britain does become part of the EEA, this would afford
Britain the same status as other European countries
such as Norway and Iceland. This would mean it
would be designated a ‘safe area’ under the GDPR.
In business terms, this would make data transfers
somewhat easier, assuming the European Union found
the United Kingdom’s safeguards to be appropriate.
Nevertheless, this would mean that the United Kingdom
would still be subject to the Directive and from May
2018 the GDPR, when transferring data across borders
to comply with legal obligations in other countries.
An EU-U.K. Privacy Shield?
If the United Kingdom does not become part of the EEA,
it would probably have to negotiate an agreement
similar to the EU-U.S. Privacy Shield in order for U.K.
companies to continue to transfer data between the
United Kingdom and countries in the European Union.
In this scenario, it is likely the Article 29
Working Party would suggest similar terms
to those applicable to the United States:
■ An ombudsman to handle complaints from
European Union citizens about the United
Kingdom’s security services accessing their data.
■ UK Security services / the Home Office to provide
written commitments that Europeans’ personal
data will not be subject to mass surveillance.
■ An annual review or audit to check the
new system is working properly.
What do all these changes
mean for ediscovery?
We predict that 2017 will see a rise in demand for
mobile ediscovery solutions. The latest data protection
legislation (GDPR and the EU-U.S. Privacy Shield)
both impose greater obligations and greater fines for
violations than their predecessors. Mobile solutions
can assist with compliance in two ways: firstly, by
processing data in-country, which removes the risks
associated with transferring data across borders.
Secondly, mobile ediscovery technology and predictive
coding technology in particular are adept at ensuring
only relevant data is transferred and disclosed.
In terms of Brexit, until the United Kingdom finalises its
data protection regime and comes to an agreement
with the European Union, companies will need to think
carefully about the risks of transferring data across
European borders. Once again, mobile ediscovery
solutions provide a neat solution that allows business
to continue processing and transferring data in
Europe in a compliant and cost-effective manner.
Additionally, it is likely there will be renewed focus
on information governance in order to comply with
the “privacy by design” and “right to be forgotten”
components of the GDPR. Understanding
where data is and the volumes involved will
play a big role in ensuring compliance.