Transfers of personal data are an essential element of the transatlantic relationship. The European Union (EU) and the United States (US) are important trading partners, and data transfers increasingly form an integral part of their commercial exchanges.
The European Commission considers that a renewed and sound framework for transfers of personal data to the United States remains a key priority. Such a framework is the most comprehensive solution for ensuring effective continuity of the protection of personal data of European citizens when they are transferred to the United States. The U.S.-EU Safe Harbor framework was developed to protect the privacy of citizens on both sides, but in October 2015 a ruling by the Court of Justice of the European Union (CJEU) found the current framework to be invalid, and a new Safe Harbor 2.0 version is yet to be agreed upon by both EU and US authorities.
Even some of the most cyber-savvy organizations have found themselves exposed and ill-prepared to manage the effects and impact of a data breach. One of the best defenses is to adopt a ‘best practice’ approach utilizing some of the available international standards for information security. Identifying your most critical and sensitive assets and then applying the necessary operational and technical controls will help protect your company and your customers’ personal data. It may even help reduce your fine should a breach occur.
One of the most popular frameworks is ISO/IEC 27001:2013. If in doubt, ask yourselves the following questions to see if you have it covered:
1. Are all of our employees aware of the definition of ‘personal data’?
2. Have we performed a survey to identify if we are processing (obtaining, recording or holding) personal information?
3. Do we have a policy to deal with data protection issues?
4. Do we know that security cameras may require notices regarding privacy?
5. If we process personal data, do we protect it securely (store, process, transmit)?
Foresite consultants in the UK and the US are here to help if you need assistance with determining the right guidelines to follow to protect both your data and data that you are entrusted with by your clients.