The EU and the US have long handled data differently. Here in Europe, our personal data belongs to us. However, in the US, it’s actually the state which retains control of your data. Five years ago, an EU-US Privacy Shield was put in place to ensure that on US soil, EU data still complied with European data protection requirements. Fast forward to today and the Privacy Shield is being abolished, with potentially disruptive ramifications for marketers and business owners alike.

To ensure you remain compliant and handle your sensitive customer data as safely as possible, here’s a summary of the changes to the EU-US Privacy Shield and what they could mean for your business.

Data Adequacy

With the Privacy Shield abolished, where your data can legally be sent outside of Europe is determined by data adequacy: whether or not the country in question meets adequacy standards. To determine whether a country can be deemed adequate or not, the EU thoroughly researches its data protection laws. If those laws are similar to those of the EU, adequate status will be granted.

America does not meet adequacy requirements and, according to the European Court of Justice, will never achieve that position under its current structure. This means that sending data to the US is now illegal.

Illegal Data Sending

If your company or email service provider stores its data in the US, the abolition of the Privacy Shield now means you are breaching the General Data Protection Regulation (GDPR).

It is important to note that responsibility for remaining compliant lies with the UK company and not with the US organisation. As a marketer, you must check you are being legally compliant with any personally identifiable information collected from customers or prospects. There is no transition period, so data currently stored in the US will need to be reviewed and potentially moved as a matter of urgency.

Changing Contracts

If you are under contract with a US-based marketing platform such as an email service provider, you will need to amend your contract in light of the EU-US Privacy Shield changes. Of course, you can expect that the service provider will want to retain your custom, so they may well already have taken measures to ensure your data is stored in an appropriate location and handled in a compliant manner. Speak with them to determine what options they have for your EU data to be held outside of the US.

While data permissions and regulations can be complicated and confusing, the safe handling of customer and client information is a matter of critical business importance. If you need further assistance in this area, please speak to a member of the Adrac team.


Author Rebecca
