Planning business in the EU? You need to know this.

Remember when sharing information only required ink and a stamp, a rotary phone, or—if you were really fancy—a squawking fax machine?

 

Today, companies have many options when it comes to communication.

 

If your company is thinking about expanding operations to a European market, you should know—some data-sharing changes may be on that horizon.

 

The EU-US digital agreement

The European Union (EU) considers privacy a “human right.” That’s prompted tough privacy laws like the EU Data Protection Directive (Directive 95/46/EC on the protection of individuals with regard to the processing of personal data (PII (U.S.)) and on the free movement of such data) and the General Data Protection Regulation (GDPR) that went into effect last May. Fines for violating the GDPR are heavy—up to €20 million or 4 percent of a company’s global annual turnover of the previous financial year, whichever is higher, or even revoking that company’s right to process data in the EU. This does not include the reputational damage that will likely occur to a company in the event of GDPR violations.

 

While the U.S. hasn’t adopted the GDPR, it does have a 2016 agreement to enable a data-sharing framework between the US and the EU. It’s called Privacy Shield. The goal of Privacy Shield? To allow U.S.-based companies that have put in place appropriate  personal data protection standards meeting EU requirements to engage in  data sharing with entities in the EU.

 

How long will Privacy Shield last?

Privacy Shield has been under challenge from the beginning of its existence. Part of the problem, critics say, is that Privacy Shield relies too heavily on self-assessment. In July, the European Parliament passed a non-binding resolution to suspend Privacy Shield unless the U.S. becomes fully compliant by September 2, 2018. Recent social media scandals (we’re talking about you, Facebook) and other issues have focused additional negative light on Privacy Shield. There are also additional challenges in the EU about the Privacy Shield Framework, in addition to the alternative data transfer mechanism of Standard Contractual Clauses.

 

It always pays to know your options

The best way, as always, is to continually make customer privacy a high priority. Go above and beyond when it comes to compliance. Then, consider how you will navigate potential changes. Some companies are already setting up data processing and storage facilities in the EU. If Privacy Shield does go away, companies may need to consider other options, too.

 

Keep your customers and your company protected with support from a professional partner like ClearStar. Want to know more? Connect today!

Let’s start a conversation

contact Contact