PARCA eNews – Oct. 25 2016 – The European Commission, following a delay, has now given the green light to the EU-US
Privacy Shield governing how personal data is transferred across the Atlantic. The data protection regulation is intended to provide much-needed clarity for EU businesses.
For companies operating in the life sciences arena, transfers of personal data from the EU to the US has been in a state of uncertainty since the European Court of Justice held in October 2015 that the previous Safe Harbor regime was invalid for failing to meet EU data protection standards,
To address the compliance issues, the EU-US Privacy Shield was developed to clarify privacy concerns for businesses transferring data to the US.
Breach of EU data protection laws can carry significant penalties. In May 2016, two UK National Health Service trusts were fined £180,000 ($223,000) and £185,000 ($230,000) respectively by the UK Information Commissioner for two separate data protection breaches.
The Privacy Shield puts in place various measures to ensure that personal data transferred to US companies will be processed subject to appropriate safeguards. It achieves this by:
- Imposing strong obligations on US companies handling and transferring personal data
- Protecting the fundamental rights of individuals and giving them clear and affordable mechanisms to take action against businesses which do not comply; and
- Setting out limitations and safeguards on US Government access to personal data.
If a US company has self-certified within the first two months of the framework being activated (i.e. before Sept. 30, 2016), it will have the benefit of a nine-month grace period to come into compliance with the new program’s requirements.
Source: Lexology newsfeed
No comments:
Post a Comment