Data Protection Overview Data Protection & Information Security Officer.
Data Protection and Europe
30
DATA PROTECTION AND EUROPE WHAT YOU NEED TO KNOW
-
Upload
radius-global-growth-experts -
Category
Business
-
view
75 -
download
1
Transcript of Data Protection and Europe
DATA PROTECTION AND EUROPEWHAT YOU NEED TO KNOW
Data protection is a fundamental human right.
Now, more than ever, individuals realize their data is under threat – they no longer
know where their data is held and who by.
This results in high levels of public awareness and regulator reaction
– especially in the EU.
Listen to the webinarListen to the webinar
You should view data protection in the same way as an employment right,
with the threat to your business being from the individuals themselves.
Listen to the webinarListen to the webinar
So when do EU laws apply?
Listen to the webinarListen to the webinar
The laws apply when a ‘data controller processes the personal data of an EU data subject.’
Listen to the webinarListen to the webinar
A business or individual who determines the purpose and manner in which data is processed.
The laws apply when a ‘data controller processes the personal data of an EU data subject.’
Listen to the webinarListen to the webinar
Widely defined to cover almost any operation involving the data, such as filing, updating, recording, receiving, transferring, storing, retrieval, and dissemination.
The laws apply when a ‘data controller processes the personal data of an EU data subject.’
Listen to the webinarListen to the webinar
Any data that relates to a living individual who can be identified from that data.
The laws apply when a ‘data controller processes the personal data of an EU data subject.’
Listen to the webinarListen to the webinar
A living individual whose personal data is being processed.
The laws apply when a ‘data controller processes the personal data of an EU data subject.’
Listen to the webinarListen to the webinar
Only nine percent of companies we asked said they had a comprehensive data protection strategy for Europe.
9%Listen to the webinarListen to the webinar
That’s ninety one percent of companies left potentially at risk. Is your company one of them?
91%Listen to the webinarListen to the webinar
The EU Directive has seven key principles which have been transcribed into domestic
legislation by each Member State …
Listen to the webinarListen to the webinar
NOTICEPURPOSECONSENTSECURITY
DISCLOSUREACCOUNTABILITY
ACCESS
Listen to the webinarListen to the webinar
These principles are most easily tackled when grouped into 3 key stages …
Listen to the webinarListen to the webinar
A data controller must ensure that an individual has been notified of the reasons for collecting his or her data, and must obtain the individual's consent.
Note that consent via a clause in the employment contract is not considered freely given.
1Data Collection
Listen to the webinarListen to the webinar
The data controller must have adequate systems in place to ensure that data is secure, only used for the purpose it was collected, and only for as long as it is required.
2Data Handling
Listen to the webinarListen to the webinar
Only data controllers have statutory duties. They remain responsible even when the data is being processed by data processors.
3 Data Transfer
Listen to the webinarListen to the webinar
Only select third party processors that have robust internal data security controls. Once selected, commit your data processors to contractual undertakings such as terms relating to minimum security measures.
3 Data Transfer
Listen to the webinarListen to the webinar
Fifty-five percent of companies we asked found the data-transfer stage of data protection compliance to be the most challenging – and for a good reason.
55%
Listen to the webinarListen to the webinar
You want to transfer data outside of the EEA?
Listen to the webinarListen to the webinar
Think again.
Listen to the webinarListen to the webinar
Transferring to countries without adequate levels of protection can
be a breach of the law. Only certain countries are on the approved list.
Listen to the webinarListen to the webinar
Transferring to countries without adequate levels of protection can
be a breach of the law. Only certain countries are on the approved list.
Andorra
Argentina
Canada
Faroe Islands
Guernsey
Isle of Man
Israel
Jersey
New Zealand
Switzerland
Uruguay
Listen to the webinarListen to the webinar
The U.S. is not one of them.
Listen to the webinarListen to the webinar
However, U.S. businesses can voluntarily sign up to Safe Harbor which applies similar data privacy requirements as the EU and permits data to flow from the EU to a Safe Harbor registered business.
Listen to the webinarListen to the webinar
Note this only applies to data destined for the U.S. and won’t cover transfers to other countries.
Listen to the webinarListen to the webinar
Need help with your EU data protection obligatons?
Connect with Radius:US: +1 888 881 6576 UK: +44 (0) 203 005 5518
Radius helps companies expand and win globally.
Need help with your EU data protection obligatons?
Connect with Radius:US: +1 888 881 6576 UK: +44 (0) 203 005 5518
Radius helps companies expand and win globally.
Want More Insight Into Key International Expansion Issues?
WINDING DOWN A BUSINESS ABROADWHAT YOU NEED TO KNOW BEFORE YOU SET UPWHAT’S THE BOTTOM LINE WHEN
BUDGETING FOR OVERSEAS EXPANSION?AN EXCERPT FROM WINNING GLOBALLY: A PLAYBOOK FOR INTERNATIONAL EXPANSION TEAMS
View the SlideshareView the Slideshare
