News
Expert privacy shield comment - Iron Mountain
August 2016 by Gavin Siggers, Director of Professional Services, Iron Mountain
Businesses, understandably, have been in limbo over international transfer of
personal data since Safe Harbour was rejected back in October 2015. After it was
decided the proposed regulations didn’t provide adequate protection for the personal
data of EU citizens in the US, many businesses have awaited the replacement and its
expectations for handling this valuable data with caution.
This month’s approval of the new policy from the European Parliament brings Privacy
Shield into action. The policy will guide the way US and EU organisations store,
share and protect the personal data of EU citizens. This is in a bid to keep data
safe, with stipulated guidance around stronger protection of TransAtlantic data flow
and the fundamental rights of individuals whose data is transferred. The approved
regulation also has a positive economic impact, as it supports billions of dollars
worth of trade and facilitates international data transfers - essential to the
British economy.
In addition to increased regulatory change, Brexit has also presented additional
complexities. Despite the current uncertainty of how Brexit will impact Privacy
Shield in the UK, organisations still need to ensure they are preparing to adhere to
its stringent requirements. The initial step in this preparation process is firstly
to understand what Privacy Shield demands of organisations when handling data across
borders, as well as the ramifications of non-compliance, including fines of up to
300,000 euros.
For all data exports to the US there needs to be a full examination of which data
transfer and protection processes will be affected by Privacy Shield - including
online social plugins and analytical tools from America, such as Dropbox. These data
export programmes put organisations in a position of less obvious non-compliance
with many companies being unaware of the risks. To overcome the hidden threats and
consequently the prevention of hefty fines, organisations need to ensure all exports
from the US are aligned with the regulations of Privacy Shield.
Ultimately, businesses need to train and educate both themselves and their employees
on the principles of data protection, including the expectations of Privacy Shield.
Implementing a data management programme to cope with privacy changes right away and
ensuring a cultural shift within organisations towards new more stringent regulatory
demands for data protection are crucial steps for businesses to protect their
reputations and bottom-lines.
