
GDPR vs Privacy Shield

The European Union General Data Protection Regulation (GDPR) was adopted in 2016 and has applied across the European Union (EU) since May 25, 2018. GDPR is a set of rules about how organizations must process the personal data of data subjects. It lays out responsibilities for organizations to ensure the privacy and protection of personal data, gives data subjects specific rights, and empowers regulators to demand demonstrations of accountability and to impose fines where an organization does not comply with GDPR requirements.

All businesses, regardless of location, are subject to the GDPR's requirements when they process or hold the personal data of individuals in the European Union. The deadline for GDPR compliance was May 25, 2018, and penalties for non-compliance can reach €20 million or 4% of worldwide annual turnover, whichever is higher.

Privacy Shield is a framework agreed between the EU and the US that allows personal data to be transferred from the EU to the US. The GDPR permits such transfers only where the recipient offers adequate protection; Privacy Shield created a program under which participating US companies were deemed to provide that protection, so that transfers to them did not require a separate transfer mechanism.

In short, Privacy Shield allows US companies, and EU companies working with US companies, to meet this GDPR transfer requirement. Note that the Court of Justice of the EU invalidated the Privacy Shield adequacy decision in July 2020 (the Schrems II judgment); its successor, the EU-US Data Privacy Framework, received an adequacy decision in July 2023. Interactive Security is a trusted resource for companies that need to achieve GDPR or Privacy Shield compliance. Our security specialists work closely with clients to prepare for certification by building a customized gap assessment against the requirements of the regulation.

Privacy Shield Principles

The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles combined with 16 equally binding supplemental principles, which explain and augment the first seven. Collectively, these 23 Privacy Shield Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.

Principles

Notice

Choice

Accountability for Onward Transfer

Security

Data Integrity and Purpose Limitation

Access

Recourse, Enforcement and Liability

Supplemental Principles

Sensitive Data

Secondary Liability

Performing Due Diligence and Conducting Audits

The Role of the Data Protection Authorities

Self-Certification

Verification

Access

Human Resources Data

Obligatory Contracts for Onward Transfers

Journalistic Exceptions

Dispute Resolution and Enforcement

Choice - Timing of Opt Out

Travel Information

Pharmaceutical and Medical Products

Public Record and Publicly Available Information

Access Requests by Public Authorities

Key GDPR Requirements

Understanding the GDPR's requirements can be an overwhelming task, but it is important to understand them and their implications for your company. Implementing the GDPR within the context of your company will require a dedicated effort.

Lawful, fair and transparent processing

Limitation of purpose, data and storage

Data subject rights

Consent

Personal data breaches

Privacy by Design

Data Protection Impact Assessment

Data transfers

Data Protection Officer

Awareness and training

GDPR or Privacy Shield Security Assessment and Certification

Are you wondering about your organization's data risks, or in need of a GDPR or Privacy Shield assessment and certification? Contact the Interactive Security team at 267-824-2500 or sales@intactsec.com. We can help you understand the specific steps your organization needs to take to become GDPR or Privacy Shield compliant.