Data Privacy and EU Data Directive

What is it?

  • The EU Data Directive limits European Member states from transferring data to the U.S.
  1. Even transferring employee data from a US company’s EU affiliate is restricted
  • To transfer data from the EU to the U.S., companies can put in place a contract verifying conformance to the data privacy laws of the EU Member Country and must obtain approval for the transfer
  • Alternatively, U.S. firms may obtain “Safe Harbor” recognition from the US Dept of Commerce 
  1. Safe Harbor is recognized by the EU and allows transfers to the US with minimal formalities

Why You Care

  • Regardless of whether you obtain Safe Harbor recognition, the EU Data Directive substantially limits the manner in which US Companies can obtain and use data when working with European firms
  • Choosing Safe Harbor protection is right for some, but not all, companies
  1. Failure to comply with Safe Harbor requirements subjects companies to liability by the US FTC
  • Data Privacy is a complex area of law.  In the US, myriad laws govern data privacy, many of which are state and/or industry specific.  Complying with EU laws, US laws, and the Data Privacy laws of other countries in which you do business requires a delicate balancing act
  • More countries are putting in place their own data privacy laws, and there is reason to believe this trend will only accelerate

The IntegTree Solution

  • At IntegTree we provide both training and consulting services.  Our consulting services include assessing whether Safe Harbor certification is right for you.
  • Regardless of whether Safe Harbor is appropriate for you, we can evaluate and help improve your data privacy procedures.  We also can help draft and publish your data privacy statement.
  • If you choose to pursue Safe Harbor or have already obtained Safe Harbor, we work with you to establish or audit procedures to comply with Safe Harbor requirements and to self-certify with the Department of Commerce.
  • We also train your workforce on the EU Data Directive.  We can teach your data processors the steps needed to enhance compliance with relevant laws, including the Seven Safe Harbor Principles 
  • As with all IntegTree training programs, we work with you to customize the training to that most relevant to you.  We can deliver both short training courses and a more in-depth training intervention.  Customized Online materials can also be developed to meet your specific, ongoing training needs.