This blog series will cover the results of a new privacy survey conducted in May of 2017 as part of the closing session at the TrustArc Privacy Risk Summit, held at the Bespoke Conference Center in San Francisco June 6, 2017. The survey, conducted by Dimensional Research on behalf of TrustArc, focused on the status of U.S. private sector efforts to meet privacy mandates in general and in particular to meet the May 25, 2018 deadline for the EU General Data Privacy Regulation (GDPR). The results will be shared in a three-part blog post series: Part 1: General Privacy Market Results Part 2: GDPR … Continue reading TrustArc Privacy and GDPR Compliance Research Report – Part 1 of 3
EU General Data Protection Regulation (GDPR) The EU GDPR is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. The 200-plus page GDPR replaces the 20 year old Directive (95/46/EC). This new law has received a lot of attention due to its complexity and the associated penalties for noncompliance. Fines can be up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher). As a result, many organizations are … Continue reading 1 Year Until EU GDPR Enforcement Begins
Adding Swiss-US Privacy Shield self-certification. As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield. Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework vary are: When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use the Swiss Federal Data Protection Information Commissioner or … Continue reading Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap
Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?
1) Jurisdiction-Specific Transfer Benefits: In Japan, companies that have a CBPR certification do not have to obtain consent to transfer data to another country, which is otherwise required under Japanese law. 2) Facilitation of APEC-European Interoperability: An APEC CBPR certification may make it easier for an organization to obtain approval of their Binding Corporate Rules in the European Union. Since 2013, APEC member Economies and EU officials have been collaborating to promote interoperability between the two regional transfer mechanisms. 3) Alignment with Global Frameworks: An APEC CBPR certification is based on many of the same principles that inform the OECD … Continue reading 5 Benefits of APEC CBPR Certification You Should Know About