Monday, January 25, 2021
Corporate Compliance Insights

Noncompliance with New EU Data Privacy Rules can be Costly

by Thomas Monson
November 5, 2015
in Compliance
with contributing author Kyle Petersen

On October 6, Europe’s highest court, the Court of Justice of the European Union, struck down the “Safe Harbor Framework,” which existed between the United States and the EU for 15 years. This has an impact on companies collecting or processing personal data in EU nations for use in the United States. The Framework provided a method for over 4,000 U.S. companies to transfer personal information outside the European Union consistent with the EU’s strict Data Protection Directive. The Directive establishes the rules for protecting Europeans’ privacy rights. To take advantage of the Framework, U.S. companies have self-certified compliance with EU standards to the Department of Commerce.

The European court struck down this longstanding business arrangement after Austrian privacy activist Max Schrems alleged his personal information transmitted via Facebook or stored on Facebook’s servers in the U.S. was not, in fact, safe from intrusion from the prying eyes of the U.S. government. Schrems’ lawsuit arose after Edward J. Snowden, former contractor for the National Security Agency, divulged that American intelligence agencies were freely accessing data held by Facebook or transferred by emails and other means between the EU and the U.S. The European high court agreed, holding that U.S. government actions invalidated the “Safe Harbor” provisions.

As a result, many multinational organizations, large and small, must now obtain prior approval from each EU member nation where the company has customers, suppliers, employees or other relationships with EU residents who provide personal information, including names, contact information or other “personally identifiable information” ranging from membership in clubs or trade unions to names of family members, insurance coverage, banking relationships, religious affiliation, employment information and a host of other personal details. Entities engaged in collecting or processing any personal information from residents of an EU member nation are required to register as “data controllers” in each EU country where they do business or collect personal information. Failure to adhere to these European privacy norms can lead to investigations by data protection agencies and fines in the tens of thousands of dollars. In addition, Europeans tend to be highly protective of their privacy and often reject companies that ignore traditional EU-mandated privacy protections.

How to ensure compliance with international data protection laws

If you are concerned about your organization’s ability to continue its transglobal business arrangements in light of this ruling, and to remain compliant with international data protection laws, contact a lawyer qualified to draft the documentation that must be submitted to EU national data protection agencies in order to obtain “registration” or “notification” of your data collection and transmission strategy and practices with those agencies.

To establish compliance and rights to receive and transmit personal information, a lawyer will:

  • Prepare written transborder transfer agreements between European and American entities
  • Prepare “Informed Consent” agreements for use when receiving personal information from European residents
  • Counsel with the client in drafting “binding corporate rules” arrangements where advisable in order to satisfy European privacy agencies, which must approve of systems for transferring personal data beyond EU borders
  • Prepare and submit applications for registration/notification, which must be approved by EU national data protection agencies. Many EU data protection agencies require applicants to submit for approval their transborder transfer agreements, Informed Consent Agreements and company privacy policies as part of the registration process.

Although the EU was the original privacy protection leader, many nations on multiple continents have now adopted unique laws restricting the collection of their citizens’ (and residents’) personal information.



Thomas Monson

Thomas Monson, a Shareholder with Kirton McConkie, focuses on international, corporate and real estate law. He can be reached at (801) 321-4800 or tmonson@kmclaw.com. www.kmclaw.com.
