Pulsant insights and best practices delivered to your inbox every month.
Data has made the news yet again. This time, however, it’s not a data breach that’s grabbed headlines, but the ruling of a European Union court to suspend the safe harbour agreement — that says private data collected by internet companies must be kept safe when transferred between the EU and US. Essentially the court has said that the data transfer agreement between the EU and the US doesn’t comply with European human rights law.
But what does that really mean? It’s all about privacy — yours, mine. Privacy laws in the US aren’t up to the same standard as they are in the EU and the safe harbour agreement basically okays that. The ruling came about as a result of a case brought by privacy activist Max Schrems against Facebook. He says that by allowing the data transfer between the EU and US — data like Facebook posts and emails — to data centres where it’s stored and processed, EU citizens have been exposed to US spying.
So it’s a definite win for personal privacy. But for business, it will take some changes and will definitely complicate the relationships between data processors. And this just means ensuring that the specific data controls are adhered to, particularly those that are under contract.
Of course in the legal sphere there’s bound to be a challenge to the ruling, and certainly many complaints. In the meantime, for service providers and organisations like Pulsant that deal in the storage of data, we need to take guidance from the Information Commissioners Office (ICO) and other regulatory bodies to make sure we’re moving ahead as we should.
But it’s happened at perhaps the ideal time. Organisations are readying themselves for the new General Data Protection Regulation that’s set for finalisation by the end of the year, so any additional changes that need to be considered will be timely.
While compliance is critical for businesses such as ours, when it comes to data protection, we are crossing the I’s and dotting the T’s and following the lead of bodies like the ICO. We have an excellent existing compliance framework and welcome the chance to work with our customers to understand how these new changes affect their business and operations.