The audit and compliance world has been undergoing important changes over the last few months, and as a result companies are in a state of confusion. The change relates to the implementation of a new compliance framework, the EU US Data Privacy Shield, which replaced EU US Safe Harbor a couple of months ago.
This blog presents key facts about the transition from EU US Safe Harbor to EU US Data Privacy Shield and the considerations a compliance officer should be mindful of.
On October 6th, 2015, the European Court of Justice invalidated the adequacy decision for EU US data transfers under Safe Harbor. Negotiations on the policies of a new arrangement took place early in 2016 to ensure safe and secure information exchange between the European Union and the United States. Finally, on July 12th, 2016, the EU US Data Privacy Shield was formally adopted and announced by the EU Commission and the US Department of Commerce.
What EU Data Privacy Shield includes:
Unlike Safe Harbor, EU Data Privacy Shield is based on data protection principles that organizations can apply when collecting, handling and transferring data from the EU to the US. Depending on your business model, you have to comply with the data privacy principles of Notice, Choice, Accountability for Onward Transfers, Access and Recourse, Security, Data Integrity and Purpose Limitation, Enforcement and Liability.
EU Certification and Essential Elements:
- Policy Statement: the management's intent, set forth by the company, to comply with EU US Data Privacy Shield requirements.
- Statement of scope: which information/data your company receives from the EU to the US that is in scope of the certification.
- Affiliates: you must describe your company's model with regard to its affiliates, who will have access to the information/data.
- Explanation of the EU US Data Privacy Shield principles: these principles describe the actions your company commits to for data collection, handling and transfer.
- Dispute resolution: your policy statement must reference the details of the third-party dispute resolution company.
- Finally, the address of your company's compliance office, which handles any complaints.
Make sure that the above policy is published on your company's website.
It is important to note that there has been no change in the US Swiss Safe Harbor. You will continue to do business with Swiss-based companies as before.
For both EU US Data Privacy Shield and US Swiss Safe Harbor, one policy statement will suffice to meet the data protection and data privacy principles. The new compliance framework will build and maintain data integrity and security. It will bring more transparency to the company's actions on data transfers and ensure that the company follows the prescribed privacy commitments.