SlideShare uma empresa Scribd logo

How To Do Data Transfers Between EU-US in 2023

TrustArc
TrustArc

This document provides an overview and agenda for a webinar on how to do data transfers between the EU and US in 2023. It discusses where the EU-US data transfer framework currently stands, what additional safeguards are still needed according to European regulators, and differences between UK and EU GDPR. Attendees are polled on their previous and current use of data transfer mechanisms. The speakers will cover what constitutes a data transfer, the expected new EU-US data privacy framework agreement, Standard Contractual Clauses and other tools for international data transfers, and additional safeguards organizations have implemented.

Tecnologia
1 de 17
Baixar para ler offline
1 1 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
2 2 © 2022 TrustArc Inc. Proprietary and Confidential Information. How To Do Data Transfers Between EU-US in 2023
3 3 Speakers Ralph T O’Brien Principal Consultant - Europe TrustArc Meaghan McCluskey Associate General Counsel - Research TrustArc
4 4 Agenda • What are data transfers • Where does the EU-U.S. Data Transfer Framework stand today? • What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • UK GDPR vs EU GDPR • How SCCs can be used for cross-border data transfers • Risk mitigation for international data transfers
5 5 Polling Question: Has your company previously been involved in transferring personal data between the EU and US?
6 6 • The EDPB has identified three criteria that qualify a processing as a transfer: 1. A controller or a processor is subject to the GDPR for the given processing. 2. This controller or processor (“exporter”) discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”). 3. The importer is in a third country or is an international organisation, irrespective of whether or not this importer is subject to the GDPR in respect of the given processing in accordance with Article 3. • A transfer requires ○ Movement from a organisation (exporter) to organisation (importer) ○ ie. C-P, P-C, P-P, C-C… ○ Need to consider onward transfers ○ Regardless of GDPR coverage due to extra territorial extent • Direct collection NOT a transfer • Employees taking laptops abroad NOT a transfer • Remote support from India (example) IS a transfer • Processor in EU subject to US authorities COULD be a transfer! https://edpb.europa.eu/system/files/2023-02/edpb_guidelines_05-2021_interplay_between_the_application_of_art3-chapter_v_of_the_gdpr_v2_en_0.pdf What Is and Isn’t a Transfer
7 7 Polling Question: What are you currently using for the transfer of personal data between the EU and US?
8 8 • A new EU-U.S. transatlantic data flow agreement is expected to be finalized by the Fall of 2023 • The EU-U.S. Data Privacy Framework will enable the flow of personal data from ‘data exporters’ in the EU to ‘data importers’ in the U.S. who have signed up to the agreement • The Framework offers a flexible alternative to the European Commission’s Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), which multinationals with a presence inside and out of the EU must otherwise use to share personal data (absent some small exceptions) Where Does The EU-U.S. Data Transfer Framework Stand Today?
9 9 What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • Protections against automated decision making • Restrictions on bulk collection & retention • Independent redress mechanism
10 10 Polling Question: Which additional safeguards have you implemented to mitigate the risks associated with international data transfers between the EU and US?
11 11 12th July 1984 Data Protection Act Only Computerised data Based on CoE Conv 108 16th July 1998 Data Protection Act Manual data, more rights Based on 95/46/EC (EU DPD) (Later the PECR in 2003, in response to EU ePrivacy Directive 2002) HRA 1998 - general right 24th May 2018 Data Protection Act Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR) Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc. New Data Protection Charges and Regulations. Fees. 1st January 2021 EU Exit Amendments Jan 1st 2021 - “UK GDPR” processing earlier subject to “EU GDPR” The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020 Amends DP and PECR ?? ??? 2023 Data Protection and Digital Information Bill announced in Queen’s Speech June 2022 Based on DCMS Consultation “Data: A new Direction” Sept 2021 A further layer of track changes! UK Data Protection History Data Protection laws
12 12 UK’s DATA PROTECTION ACT 2018… AS AMENDED BY... THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019 AS AMENDED BY… THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020 KEELING SCHEDULE = A TRACK CHANGES DOCUMENT UK GDPR versus EU GDPR EVERYTHING AND NOTHING CHANGED!
13 13 • ICO no longer an EU supervisory body, Cannot attend EDPB • Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc) • UK now a “Third Country”, granted six months to gain adequacy by European Commission • UK DSIT takes on “EC role” including the power to grant UK adequacy decisions • UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses” • New ICO John Edwards took up post in Jan 2021 • ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex Real Changes… 1st January 2020+ = UK GDPR
14 14 Polling Question: Which data protection regulations do you think will have the greatest impact on international data transfers between the EU and US in 2023?
15 15 How To Do Cross-Border Data Transfers Re-evaluate at appropriate intervals Take formal procedural steps Identify and adopt supplementary measures Assess sufficiency of non-EEA protections Verify the transfer tool Know your transfers STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 STEP 6
16 16 Q&A
17 17 Thank You! See http://www.trustarc.com/insightseries for the 2023 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.

Recomendados

Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
What New EU Reporting Standards Mean for North America
What New EU Reporting Standards Mean for North AmericaWhat New EU Reporting Standards Mean for North America
What New EU Reporting Standards Mean for North America
GreenBiz Group
 
Integrimet Ekonomike Evropiane
Integrimet Ekonomike EvropianeIntegrimet Ekonomike Evropiane
Integrimet Ekonomike Evropiane
Ferit Sadullahi
 
1. hyrje ne integrime
1. hyrje ne integrime1. hyrje ne integrime
1. hyrje ne integrime
ekonomia
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Compliance
accenture
 
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
fatonbajrami1
 
EU-US Data Privacy Framework
EU-US Data Privacy FrameworkEU-US Data Privacy Framework
EU-US Data Privacy Framework
Quotidiano Piemontese
 
GDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdfGDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 

Recomendados

Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
What New EU Reporting Standards Mean for North America
What New EU Reporting Standards Mean for North AmericaWhat New EU Reporting Standards Mean for North America
What New EU Reporting Standards Mean for North America
GreenBiz Group
 
Integrimet Ekonomike Evropiane
Integrimet Ekonomike EvropianeIntegrimet Ekonomike Evropiane
Integrimet Ekonomike Evropiane
Ferit Sadullahi
 
1. hyrje ne integrime
1. hyrje ne integrime1. hyrje ne integrime
1. hyrje ne integrime
ekonomia
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Compliance
accenture
 
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
Ekonomia e Kosovës dhe BE-së - Dr. Gazmend Qorraj (Pyetje dhe përgjigje)
fatonbajrami1
 
EU-US Data Privacy Framework
EU-US Data Privacy FrameworkEU-US Data Privacy Framework
EU-US Data Privacy Framework
Quotidiano Piemontese
 
GDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdfGDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Punim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrjePunim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrje
Mustaf Ameti
 
The National Security Framework of Spain
The National Security Framework of SpainThe National Security Framework of Spain
The National Security Framework of Spain
Miguel A. Amutio
 
Hulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqipHulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqip
Ardian Ibraj
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
Craig Clark ITIL, CIS LI,EU GDPR P
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Biznes nderkombetar Pr. Petrit Gashi
Biznes nderkombetar Pr. Petrit Gashi Biznes nderkombetar Pr. Petrit Gashi
Biznes nderkombetar Pr. Petrit Gashi
Fidan Haliti
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
Martin Hawksey
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
Biznes nderkombetar Ligjerata-2
Biznes nderkombetar Ligjerata-2Biznes nderkombetar Ligjerata-2
Biznes nderkombetar Ligjerata-2
Zana Agushi
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
paul young cpa, cga
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
The Pathway Group
 
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data TransfersGeneral Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
pi
 
Integrimi ekonomik
Integrimi ekonomikIntegrimi ekonomik
Integrimi ekonomik
Xhejni Melonashi
 
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
fatonbajrami1
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
Schellman & Company
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
Caroline Boscher
 
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton SylqaStruktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Valdet Shala
 
Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021
Mike Wallace
 
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
GreenBiz Group
 
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR ReformsTrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 

Mais conteúdo relacionado

Mais procurados

Punim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrjePunim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrje
Mustaf Ameti
 
The National Security Framework of Spain
The National Security Framework of SpainThe National Security Framework of Spain
The National Security Framework of Spain
Miguel A. Amutio
 
Hulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqipHulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqip
Ardian Ibraj
 
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton SylqaStruktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Valdet Shala
 

Mais procurados (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Punim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrjePunim mbi organizimin e nje ndermarrje
Punim mbi organizimin e nje ndermarrje
 
The National Security Framework of Spain
The National Security Framework of SpainThe National Security Framework of Spain
The National Security Framework of Spain
 
Hulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqipHulumtimi i-800-nvm-ve-shqip
Hulumtimi i-800-nvm-ve-shqip
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
GDPR
GDPRGDPR
GDPR
 
Biznes nderkombetar Pr. Petrit Gashi
Biznes nderkombetar Pr. Petrit Gashi Biznes nderkombetar Pr. Petrit Gashi
Biznes nderkombetar Pr. Petrit Gashi
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
 
Biznes nderkombetar Ligjerata-2
Biznes nderkombetar Ligjerata-2Biznes nderkombetar Ligjerata-2
Biznes nderkombetar Ligjerata-2
 
Introductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptxIntroductory to ESG and Sustainability Reporting.pptx
Introductory to ESG and Sustainability Reporting.pptx
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data TransfersGeneral Data Protection Regulation (GDPR) - Cross-Border Data Transfers
General Data Protection Regulation (GDPR) - Cross-Border Data Transfers
 
Integrimi ekonomik
Integrimi ekonomikIntegrimi ekonomik
Integrimi ekonomik
 
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
INFORMATIKA NË BIZNES - Dr. Mihane Berisha (97 pyetje dhe përgjigje)
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton SylqaStruktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
Struktura organizative e ndermarrjes - ligj 4 Mr.Driton Sylqa
 
Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021
 
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
Understanding Double Materiality and the Two-Pillar Reporting System - Matthe...
 

Semelhante a How To Do Data Transfers Between EU-US in 2023

Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New Normal
Executive Leaders Network
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
TrustArc
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
Paul Richards
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
Keith Purves
 
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptxISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
PECB
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
TrustArc
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
John Nas
 
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
Spoon London
 

Semelhante a How To Do Data Transfers Between EU-US in 2023 (20)

TrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR ReformsTrustArc Webinar: UK's Post-Brexit GDPR Reforms
TrustArc Webinar: UK's Post-Brexit GDPR Reforms
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New Normal
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptxISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
EU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh NetworksEU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh Networks
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Brexit Webinar Series 3
Brexit Webinar Series 3Brexit Webinar Series 3
Brexit Webinar Series 3
 
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
 
28014_EY Safe Harbor_UK
28014_EY Safe Harbor_UK28014_EY Safe Harbor_UK
28014_EY Safe Harbor_UK
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 

Mais de TrustArc

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
TrustArc
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
TrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
TrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
TrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
TrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
TrustArc
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc
 

Mais de TrustArc (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Último (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

How To Do Data Transfers Between EU-US in 2023

  • 1. 1 1 Legal Disclaimer The information provided during this webinar does not, and is not intended to, constitute legal advice. Instead, all information, content, and materials presented during this webinar are for general informational purposes only.
  • 2. 2 2 © 2022 TrustArc Inc. Proprietary and Confidential Information. How To Do Data Transfers Between EU-US in 2023
  • 3. 3 3 Speakers Ralph T O’Brien Principal Consultant - Europe TrustArc Meaghan McCluskey Associate General Counsel - Research TrustArc
  • 4. 4 4 Agenda • What are data transfers • Where does the EU-U.S. Data Transfer Framework stand today? • What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • UK GDPR vs EU GDPR • How SCCs can be used for cross-border data transfers • Risk mitigation for international data transfers
  • 5. 5 5 Polling Question: Has your company previously been involved in transferring personal data between the EU and US?
  • 6. 6 6 • The EDPB has identified three criteria that qualify a processing as a transfer: 1. A controller or a processor is subject to the GDPR for the given processing. 2. This controller or processor (“exporter”) discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”). 3. The importer is in a third country or is an international organisation, irrespective of whether or not this importer is subject to the GDPR in respect of the given processing in accordance with Article 3. • A transfer requires ○ Movement from a organisation (exporter) to organisation (importer) ○ ie. C-P, P-C, P-P, C-C… ○ Need to consider onward transfers ○ Regardless of GDPR coverage due to extra territorial extent • Direct collection NOT a transfer • Employees taking laptops abroad NOT a transfer • Remote support from India (example) IS a transfer • Processor in EU subject to US authorities COULD be a transfer! https://edpb.europa.eu/system/files/2023-02/edpb_guidelines_05-2021_interplay_between_the_application_of_art3-chapter_v_of_the_gdpr_v2_en_0.pdf What Is and Isn’t a Transfer
  • 7. 7 7 Polling Question: What are you currently using for the transfer of personal data between the EU and US?
  • 8. 8 8 • A new EU-U.S. transatlantic data flow agreement is expected to be finalized by the Fall of 2023 • The EU-U.S. Data Privacy Framework will enable the flow of personal data from ‘data exporters’ in the EU to ‘data importers’ in the U.S. who have signed up to the agreement • The Framework offers a flexible alternative to the European Commission’s Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), which multinationals with a presence inside and out of the EU must otherwise use to share personal data (absent some small exceptions) Where Does The EU-U.S. Data Transfer Framework Stand Today?
  • 9. 9 9 What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament? • Protections against automated decision making • Restrictions on bulk collection & retention • Independent redress mechanism
  • 10. 10 10 Polling Question: Which additional safeguards have you implemented to mitigate the risks associated with international data transfers between the EU and US?
  • 11. 11 11 12th July 1984 Data Protection Act Only Computerised data Based on CoE Conv 108 16th July 1998 Data Protection Act Manual data, more rights Based on 95/46/EC (EU DPD) (Later the PECR in 2003, in response to EU ePrivacy Directive 2002) HRA 1998 - general right 24th May 2018 Data Protection Act Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR) Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc. New Data Protection Charges and Regulations. Fees. 1st January 2021 EU Exit Amendments Jan 1st 2021 - “UK GDPR” processing earlier subject to “EU GDPR” The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020 Amends DP and PECR ?? ??? 2023 Data Protection and Digital Information Bill announced in Queen’s Speech June 2022 Based on DCMS Consultation “Data: A new Direction” Sept 2021 A further layer of track changes! UK Data Protection History Data Protection laws
  • 12. 12 12 UK’s DATA PROTECTION ACT 2018… AS AMENDED BY... THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019 AS AMENDED BY… THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020 KEELING SCHEDULE = A TRACK CHANGES DOCUMENT UK GDPR versus EU GDPR EVERYTHING AND NOTHING CHANGED!
  • 13. 13 13 • ICO no longer an EU supervisory body, Cannot attend EDPB • Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc) • UK now a “Third Country”, granted six months to gain adequacy by European Commission • UK DSIT takes on “EC role” including the power to grant UK adequacy decisions • UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses” • New ICO John Edwards took up post in Jan 2021 • ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex Real Changes… 1st January 2020+ = UK GDPR
  • 14. 14 14 Polling Question: Which data protection regulations do you think will have the greatest impact on international data transfers between the EU and US in 2023?
  • 15. 15 15 How To Do Cross-Border Data Transfers Re-evaluate at appropriate intervals Take formal procedural steps Identify and adopt supplementary measures Assess sufficiency of non-EEA protections Verify the transfer tool Know your transfers STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 STEP 6
  • 17. 17 17 Thank You! See http://www.trustarc.com/insightseries for the 2023 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.