Passed in 1995, the E.U. Data Privacy Directive is the world’s most comprehensive data protection legislation. It requires member states to enact their own data protection laws, leveraging the Directive’s privacy principles. Both government and private entities, including businesses that process employee and consumer data, must abide by the Directive. No data can leave the E.U. unless the transmission goes to a “third country” that employs adequate protection. In other words, data concerning individual Europeans can go only to countries whose data protection laws the European Commission considers adequate to safeguard personal data (PD). The United States does NOT meet the “adequacy” requirement, and therefore under a strict reading of the Directive’s Article 25(1), personal data transmissions to the U.S. would be illegal unless a qualified exception applies.
The E.U. Data Privacy Directive prohibits European firms from transferring personal data to overseas jurisdictions with weaker privacy laws, but creates exceptions where the overseas recipients have voluntarily agreed to meet EU standards under the Directive's Safe Harbor Principles. Is your company Safe Harbor certified? See below:
- Compliance with EU Safe Harbor
- Identification of non-compliant areas and understanding of what actions are needed to comply
- Proper, objective third-party demonstration of EU Safe Harbor compliance
- Avoidance of fines that could result from failing an EU Safe Harbor Audit
- Reduction of the cost, confusion, and complexity of compliance
SecureState’s Audit & Compliance consultants are experts in understanding both the technical and the business aspects of your organization. SecureState’s experience and knowledge, developed while working with some of the top Fortune 500 financial institutions in the country and a governing body, provide your organization with a true picture of your compliance with EU Safe Harbor.