Understanding GDPR: EU-U.S. Privacy shield will now replace Safe Harbor
What will change?
Looking at key questions towards a better understanding of GDPR - the new EU General Data Protection Regulation which is coming into effect in May 2018
As the EU-U.S. Privacy shield will now replace Safe Harbor, we ask "What will change?"
New framework will:
- Move away from a self-regulatory approach with increased oversight, enforcement, and sanctions
- Increase role of European national data protection authorities
- Strong obligations on companies – enforceable under U.S. law and will have to commit to comply with decisions by European DPAs.
- Clear safeguards and transparency obligations on U.S. government access – no mass surveillance on the personal data transferred to the US under the new arrangement
- Effective protection of EU citizens’ rights – several redress possibilities for citizens including a new Ombudsperson.
What have other organisations been doing?
- Many companies have been implementing Model Contract Clauses for both internal data transfers and agreements with data
- Cloud operators increasing data center locations in Europe