Privacy Shield overturned: how can businesses ensure GDPR compliance?
The General Data Protection Regulation (GDPR) has been in effect since 2018 and businesses and customers in Europe are slowly but steadily getting accustomed to the idea that personal data is a valuable resource and has to be treated accordingly. However, if you are doing business with or use the services of US companies, the situation may not be that straightforward.
Currently, all data transfers are regulated by the EU-US Privacy Shield Framework, designed to provide companies on both sides of the Atlantic with a way to comply with data protection requirements. However, under US surveillance laws, protection is limited to US persons, while the data of foreign citizens is not covered by American data protection acts. Thus, American data protection laws clash with the fundamental rights of European citizens. When dealing with American companies, you never know whether your business is under surveillance, and you have no control over your data. It is obvious that the level of data protection in the USA is not sufficient by European standards. The issue has finally been recognized and addressed by the Court of Justice of the European Union (CJEU). This summer the CJEU invalidated Privacy Shield, which means that US companies may not use Standard Contractual Clauses (SCC) to transfer data.
The annulment of the EU-US agreement has serious implications. This is especially true for small and medium-sized companies that relied heavily on cloud services. Such companies now need to check whether their cloud service providers process personal data in third countries and on what legal basis – only to find out that they are no longer fully compliant. While legislators are trying to work out a legal basis for the transfer of personal data from Europe to the United States, many businesses realize that it is unwise to rely solely on large IT companies from China and the USA and are looking for server and data centre solutions.
If you, like many others, are searching for a server/data centre solution for the Atlassian ecosystem that will help you ensure GDPR compliance, check out our GDPR (DSGVO) and Security for Jira and GDPR (DSGVO) and Security for Confluence. They contain a number of modules that will help you to
- Handle announcements
- Get consent
- Anonymize personal data
- Access statistics
- And more – everything you need to cover your requirements.
For more information on GDPR compliance, check out more articles in this series:
- 4 easy questions to check if you are fully GDPR compliant
- Be GDPR compliant, Part 1: everything you need to know about getting consent in Jira and Confluence
- Be GDPR compliant, Part 2: ensure the right to erasure, find and anonymize PII in Jira
- New model of calculating GDPR fines is to increase possible penalties