Implications of the Scrapped Safe Harbour Agreement on Data Handling

In the rapidly evolving world of data protection, companies operating on both sides of the Atlantic are facing significant challenges. The General Data Protection Regulation (GDPR), scheduled to replace the current EU Data Protection Directive in 2016, requires compliance by 2017. This regulation is intended to facilitate the growth of trade by creating a European single digital market without hindering it.

Sheila FitzPatrick, chief privacy officer at NetApp, highlights Binding Corporate Rules (BCRs) as a proven and feasible solution for companies seeking to achieve EU data protection standards. However, it's important to note that there is no public, comprehensive official list of companies that have obtained BCR approvals so far. Some larger multinationals, such as those in banking, tech, and automotive sectors, have achieved this, but detailed, up-to-date, and complete information can only be found by contacting the respective EU data protection authorities or by reviewing official company statements.

Local data centres are not a feasible remedy in the short term for data transfer concerns and could create more issues for businesses down the road. Understanding data management across various IT infrastructure environments, including on-premise, public cloud, private cloud on-premise, hosted private cloud, collocated storage, and combinations of these, is crucial for companies.

The European Court of Justice (ECJ) declared the Safe Harbour agreement for data transfer from the EU to the US invalid last month, causing a significant impact on US companies that relied on Safe Harbour as their sole compliance mechanism. The philosophical difference between the EU's expectation of privacy and the US belief in freedom of information is a key issue in resolving Safe Harbour issues.

The ECJ's ruling demonstrates a willingness to stand against US data processing practices and prioritize the interests of EU citizens. Under the new regulation, companies found to be breaking the law could be fined up to 5% of their annual revenue. The situation regarding EU data protection laws is in a constant state of movement and fluidity, with both the Safe Harbour ruling and the pending changes to the EU Data Protection Directive.

In light of these developments, technology providers can offer greater value to their customers by understanding the changes to the law and offering solutions and advice to ensure companies and the data they hold are protected. Effective privacy compliance and data control are essential for companies to handle the current and upcoming changes to EU data protection laws. Companies on both sides of the Atlantic need to keep abreast of the latest developments and understand the impact of their data handling within the framework of fluctuating laws.

The GDPR aims to provide a uniform regulation across the European Economic Area (EEA) to ensure personal data is subjected to the highest levels of security, privacy, and protection. The ruling on Safe Harbour signals the need for data management that maximizes the value of data as an asset and removes locational barriers to privacy and compliance. As the landscape of EU data protection continues to evolve, adaptable data management will be key for companies seeking to navigate these changes and maintain compliance.