General Data Protection Regulation (GDPR) vs Privacy Shield

GDPR vs Privacy Shield

The European Union General Data Protection Regulation (GDPR) was enacted in the European Union (EU) in 2018. GDPR is a set of rules about how companies should process the personal data of data subjects. It lays out responsibilities for organizations to ensure the privacy and protection of personal data, provides data subjects with certain rights, and assigns powers to regulators to ask for demonstrations of accountability or even impose fines in cases where an organization is not complying with GDPR requirements.

All businesses, regardless of location, are subject to the GDPR's requirements when responsible for processing and holding personal data of residents in the European Union. The deadline for GDPR compliance was May 25, 2018, and sizeable penalties for non-compliance can total up to 20 million.

Privacy Shield is an agreement between the EU and the US allowing for the transfer of personal data from the EU to the US. Privacy Shield is designed to create a program whereby participating companies are deemed as having adequate protection, which facilitates the transfer of information.

In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet this requirement of the GDPR. Interactive Security is a trusted resource for companies in need of achieving either GDPR or Privacy Shield compliance. Our security specialists work closely with clients to prepare for certification by building a customized gap assessment to meet the regulation standards.

Privacy Shield Principles

The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles combined with 16 equally binding supplemental principles, which explain and augment the first seven. Collectively, these 23 Privacy Shield Principles lay out a set of requirements governing participating organizations' use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.

Principles

- Notice
- Choice
- Accountability for Onward Transfer
- Security
- Data Integrity and Purpose Limitation
- Access
- Recourse, Enforcement and Liability

Supplemental Principles

- Sensitive Data
- Secondary Liability
- Performing Due Diligence and Conducting Audits
- The Role of the Data Protection Authorities
- Self-Certification
- Verification
- Access
- Human Resources Data
- Obligatory Contracts for Onward Transfers
- Journalistic Exceptions
- Dispute Resolution and Enforcement
- Choice - Timing of Opt Out
- Travel Information
- Pharmaceutical and Medical Products
- Public Record and Publicly Available Information
- Access Requests by Public Authorities

Key GDPR Requirements

Understanding GDPR requirements is often considered an overwhelming task. It is important to understand these requirements and their implications on your company. Implementation of GDPR within the context of your company will require a dedicated effort.

- Lawful, fair and transparent processing
- Limitation of purpose, data and storage
- Data subject rights
- Consent
- Personal data breaches
- Privacy by Design
- Data Protection Impact Assessment
- Data transfers
- Data Protection Officer
- Awareness and training

GDPR or Privacy Shield Security Assessment and Certification

Are you wondering about your organization's data risks and in need of a current GDPR or Privacy Shield Assessment and Certification? Contact the Interactive Security team at 267-824-2500 or sales@intactsec.com. We can help you understand the specific steps your organization needs to take to be GDPR or Privacy Shield compliant.