Following the recent axe of the US-EU Privacy Shield legislation, are you working with a compliant VDR provider? And what could be the consequences if you are not?
Following the failed Safe Harbour agreement, the EU-US and Swiss-US Privacy Shield Frameworks were designed by the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
This framework was designed to provide additional protection to EU citizens, but was shot down last week. In the ruling by the European Court of Justice, judges expressed concerns that Privacy Shield certification did not adequately protect the data of European citizens from US surveillance activities in the same way they are protected in the EU.
Specifically, the Court found that US law does not ensure the level of protection required by the EU’s General Data Protection Regulation, (GDPR), because in the United States the interests of national security, public interest and law enforcement have primacy over the fundamental privacy rights guaranteed within the European Union by virtue of the GDPR, which came into force in May 2018.
About 5,000 companies currently rely on the framework to transfer personal data to the US, Virtual Data Room providers are amongst them. As a result and next step by the EU, an urgent review of data transfer maps is underway. This is the time to find out where cloud providers are actually keeping your data and what data transfer flows are in place.
The main companies that will be affected are US companies that manage EU citizens data.
- Where is my data physically stored?
- Does my data ever flow on to US soil?
If you are not satisfied with the answers to these questions your organisation could be falling short of the GDPR regulations and be open to scrutiny.
At Sterling Technology we host data in highly secure accredited facilities in the UK and Germany, giving the choice to clients over where their data is located. All data remains within that infrastructure network and never touches US soil.
Do you have any questions?
If would like to discuss further or if you have any concerns then do please do get in touch.
Are you after some more general information on data rooms, including some advice on how to pick a provider that works for you, here’s our list of FAQs. Or contact one of our experts today:
