EU / US Privacy Shield Affects Your Organisation

When you're choosing a cloud provider or a partner to work with, where you physically store your data probably isn't one of the first things that you think about. However, it should be, as exporting data to foreign countries can result in severe penalties and could see you in breach of EU law.

One big issue is the EU-US Privacy Shield, which came into effect on 12 July 2016. It governs data transfer of personally identifiable information (PII) between Europe and America. Under this directive, US companies have to be certified, guaranteeing that European data is adequately protected, processed and shielded from mass US surveillance. 
If you have any data storage or processing taking place on US servers, you need to ensure that the companies you're working with have the right certification.

Changing Tides

Of course, legislation can change, and you may suddenly find that a service is no longer compliant. The US, for example, may introduce new laws or executive orders that directly overrule the safeguards put in place for processing EU data. 
At the same time, if the EU rules that the Privacy Shield is no longer valid, data stored and processed on US servers would suddenly fall foul of European law again.

Even after Britain leaves the EU, any company processing European data will need to maintain levels of compliance.

The original agreement between the EU and the US, Safe Harbour, is a case in point; although it was initially implemented in 2000, Edward Snowden’s revelations about the US National Security Agency and its monitoring methods raised strong concerns that EU data was no longer safe from snooping in the US. So in 2015, the European Court of Justice ruled that the agreement was invalid. That said, it’s important to note that Brexit won’t change the situation. Even after Britain leaves the EU, any company processing European data will need to maintain the same levels of compliance. If you store or process data outside of the EU and US, then you still need the required level of protection. This makes physical location something that needs careful consideration to ensure that you maintain compliance with local and EU rules.

Stronger barriers

So even with full compliance, storing your data in a different country can add complication to your business. For a start, you have the added problem that your data is subject to foreign law enforcement agencies and laws. This may mean that you have to deal with legal challenges and law enforcement agencies that you find it difficult to communicate with.
Although we live in a world where data transfer is easier, location is increasingly important.

Data transfers are going to get even harder when the General Data Protection Regulation (GDPR) becomes law on 25 May 2018. Part of the new regulation is a restriction on how and when data can be moved outside the EU. According to the official guidelines from the Information Commissioner's Office (ICO): "Personal data may only be transferred outside of the EU in compliance with the conditions for transfer."

GDPR covers both the temporary transfer of data and long-term storage, through a cloud provider for example. From the terms of GDPR, it's clear that the EU intends to review agreements regularly, which may mean that what was legal one year is no longer legal in another year.

With GDPR allowing for bigger fines for companies in breach of the regulations, up to €20m or 4pc of worldwide turnover, whichever is greater, businesses simply cannot ignore where their data is stored, and must verify that all storage locations are compliant. 

Although we live in a world where data transfer is easier from a technical standpoint, location is increasingly important from a legal perspective. No matter who you do business with, you need to know where your data is physically stored, and that such storage and processing is compliant with current laws.

Privacy Shield:           Telegraph:

You Might Also Read:

Cyber Attacks On Banks Prompt New Regulatory Safeguards:

US and EU Implement Privacy Shield:

Eight Reasons Why US CEOs Care About New EU Privacy Laws:

What Does Brexit Mean For British Data Privacy?:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:


 

« Teenagers And Cybercrime
Snowden Can Stay In Russia For As Long As He Likes »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Vaadata

Vaadata

Vaadata are experts in ethical hacking. We secure your web, mobile and IoT platforms.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

SiyanoAV

SiyanoAV

SiyanoAV's range of antivirus products delivers strong protection against various cyber threats, including malware, ransomware, phishing schemes, and beyond.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.