August 25, 2016
The latest update on BGRS’s approach to our commitment to privacy and data security.
At BGRS we take data governance very seriously and strive for world class security by continuously enhancing our posture to protect client data against the ever-changing threat landscape.
As set forth in numerous media reports, and in a Worldwide ERC membership update, on July 12, 2016, the European Union (EU) formally adopted the Privacy Shield agreement, which provides a new framework for the transfer of personal data to the United States (U.S.).
An Overview of Privacy Shield (Replacing Safe Harbor)
In October 2015, Safe Harbor was invalidated by the European Court of Justice. Privacy Shield replaces Safe Harbor rules of data governance.
Safe Harbor was a framework for allowing cross border exchanges of personal data for commercial purposes to participating U.S. companies, consistent with the underlying data privacy laws of the European Union and Switzerland.
Privacy Shield contains heightened obligations for ensuring data security and privacy in contrast to the Safe Harbor framework, and requires the United States to monitor and enforce more robustly. The U.S. companies that enter into Privacy Shield will also be submitting to the jurisdiction of national data protection authorities in Europe, in addition to oversight by the U.S. Federal Trade Commission.
Prior to this development, BGRS has consistently relied on either the Model Clauses or the written consent approaches to lawfully transfer personal information out of the EU. We were also registered under the Safe Harbor framework, prior to its invalidation in October 2015, but in practice, most of our clients expressed a preference for the Model Clause or consent approach.
In the near future, we will continue to emphasize and follow this approach depending our client’s perspectives, and in the future, begin to offer our clients the third option of Privacy Shield.
To learn more about BGRS’s approach to data security, visit our most recent In the Spotlight.