Data protection authorities have been cracking down on GDPR breaches, and experts are not exempt from regulators’ gaze.
GDPR
Canada’s PIPEDA vs. EU’s GDPR: what are they, and why should companies heed them?
Simply put, they are in place to protect consumers’ privacy. The laws are so similar that the EU has decided that the practices in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) are ‘adequate’ by their standards.
While the EU may agree with Canada’s privacy policies, it does not mean that if a U.S. company is compliant with one, it automatically meets the requirements of the other. The General Data Protection Regulation (GDPR) and PIPEDA do have some differences, and if your company does business in Canada and Europe it must be compliant with both.
The EU-US Privacy Shield is the latest data protection framework to emerge since the implementation of the GDPR. Developed under an agreement between Europe and the United States to foster positive transatlantic trade, the framework facilitates the easier transfer of personal data from the EU to the US.
When thinking about whether your company would benefit from Privacy Shield certification, the most important question to answer is: is my company under the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transport (DOT)? If the answer is yes, then the Privacy Shield could be of real benefit to your organization when dealing with the transatlantic transfer of personal data from the European Union to the U.S.
The EU-US Privacy Shield program was launched in early 2019 primarily as a response to two external causes: the ruling by the Court of Justice of the European Union (CJEU) which invalidated the Safe Harbour program in 2015, and the enactment of the General Data Protection Regulation (GDPR) introduced by the European Union in 2018.
The latest data privacy framework has come in the form of the EU-US Privacy Shield. This framework has come about as a response to the EU General Data Protection Regulation (GDPR). The framework has been found to meet the adequacy determination of the European Commission, and the transfer of personal data from the EU to the US can now be made easier if US organizations choose to join the Privacy Shield framework.
More customers are becoming aware of data privacy when engaging with businesses online. With data breaches on the increase, many customers face issues regarding the adequate protection of personal data, especially following a data breach or cyberattack. A report by the RAND Corporation found that 11 percent of customers would switch to another organization, and 23 percent would give the existing organization less business. These realities have spawned an ecosystem of regulation and data privacy awareness.
The General Data Protection Regulation (GDPR) came into effect last year, putting pressure on data brokers and tech firms to adequately protect, process and store customer information. Developed by the European Parliament and the Council of the European Union, the new EU data regulation laws threaten businesses with hefty fines of roughly 20 million euros or four percent of their turnover should they fail to adhere to the new legislation, which is geared towards giving people more control over their personal information.