GDPR vs PRIVACY SHIELD
The European Union General Data Protection Regulation (GDPR) was enacted in the European Union (EU) in 2018. GDPR is a set of rules about how companies should process the personal data of data subjects. It lays out responsibilities for organizations to ensure the privacy and protection of personal data, provides data subjects with certain rights, and assigns powers to regulators to ask for demonstrations of accountability or even impose fines in cases where an organization is not complying with GDPR requirements.
All businesses, regardless of location, are subject to the GDPR’s requirements when they process or hold the personal data of residents of the European Union. The deadline for GDPR compliance was May 25, 2018, and sizeable penalties for non-compliance can total up to €20 million.
Privacy Shield is an agreement between the EU and the US that allows personal data to be transferred from the EU to the US. Privacy Shield establishes a program under which participating companies are deemed to provide adequate protection for personal data, which in turn facilitates the transfer of that data.
In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet the GDPR’s requirement that personal data be transferred only to recipients that provide adequate protection. Interactive Security is a trusted resource for companies that need to achieve either GDPR or Privacy Shield compliance. Our security specialists work closely with clients to prepare for certification by building customized gap assessments that measure the organization against the standards of the regulation.
Privacy Shield Principles
The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles combined with 16 equally binding supplemental principles, which explain and augment the first seven. Collectively, these 23 Privacy Shield Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.
Accountability for Onward Transfer
Data Integrity and Purpose Limitation
Recourse, Enforcement and Liability
Performing Due Diligence and Conducting Audits
The Role of the Data Protection Authorities
Human Resources Data
Obligatory Contracts for Onward Transfers
Dispute Resolution and Enforcement
Choice - Timing of Opt Out
Pharmaceutical and Medical Products
Public Record and Publicly Available Information
Access Requests by Public Authorities
Key GDPR Requirements
Understanding GDPR requirements is often considered an overwhelming task. It is important to understand these requirements and their implications for your company. Implementing GDPR within the context of your company will require a dedicated effort.
Lawful, fair and transparent processing
Limitation of purpose, data and storage
Data subject rights
Personal data breaches
Privacy by Design
Data Protection Impact Assessment
Data Protection Officer
Awareness and training
GDPR or Privacy Shield Security Assessment and Certification
Are you wondering about your organization’s data risks and in need of a current GDPR or Privacy Shield Assessment and Certification? Contact the Interactive Security team at 267-824-2500 or firstname.lastname@example.org. We can help you understand the specific steps your organization needs to take to be GDPR or Privacy Shield compliant.