On Tuesday 2nd February 2016, many US businesses woke up to the news that a new EU/US partnership for data exchange and the protection of EU data had been agreed upon. Named ‘Privacy Shield’, it marks a significant turning point for data privacy.
According to a 2014 Congressional Research Service study, cross-border data flows between the US and Europe are the highest in the world – almost twice as much data as moves between the US and Latin America, and 50% higher than data flows between the US and Asia.
It therefore stands to reason that a partnership such as ‘Privacy Shield’ has been agreed upon, in the interest of economic growth and ‘digital prosperity’.
As expected, greater accountability and obligations have been placed on businesses in the US that want to keep conducting business in the EU. EU citizens can now hold businesses accountable for any mishandling of their data, and formally issue complaints regarding this.
Furthermore, ‘Privacy Shield’ is set to ensure that clear safeguards and transparency obligations are placed on the US government’s access to personal data.
On paper, ‘Privacy Shield’ marks a new era of regulation and restriction for US businesses who want to conduct business in Europe. But does it necessarily have to be ‘doom and gloom’? How can US organisations still operate with freedom, but adhere to local laws and regulations for EU data protection?
Binding Corporate Rules (BCRs)
Many organisations are unaware of Binding Corporate Rules (BCRs) accreditation and how it can facilitate safe and legal data exchange. BCRs represent a comprehensive global data protection and privacy framework, and are in compliance with the most rigorous EU laws.
With this recognition, organisations who receive BCR accreditation are allowed to transfer personal data outside of the EU in a safe manner and in accordance with local laws and regulations.
BCRs can help to drive up the levels of confidence and compliance and can fundamentally help US businesses navigate their way through the ‘patchwork’ of differing data privacy laws in countries throughout the EU. With BCRs in place, organisations can be confident that business will not be disrupted because they are striving to set up the highest level of protection across the organisation.
Working towards BCR accreditation is certainly not without risk. However, in a time of uncertainty, and with a further three months of negotiating to take place for ‘Privacy Shield’ to be followed up with a ‘Safe Harbour 2.0’ agreement, it can pay off.
With BCRs, customers can come to US businesses, safe in the knowledge that their data will be protected and safeguarded in compliance with EU laws. At BMC, we anticipated the end of Safe Harbour early and worked to receive BCR accreditation ahead of time as both a data controller and data processor.
The road ahead
Whatever permanent replacement for Safe Harbour 2.0 is possibly agreed upon in April 2016, it is sure to transform the way the global business community considers data. Investor and senior partner at Hummer-Winblad, Anna Winblad, once said that ‘data is the new oil’.
It is fast becoming a priceless commodity in our digital era. If harnessed and protected correctly, data can be the linchpin for continued business growth and prosperity in the Fourth Industrial Revolution.
Like many of our peers, we eagerly await the outcomes of Safe Harbour 2.0. Businesses across the US will have to adapt, innovate and comply to enjoy continued growth and to create a culture of trust amongst EU citizens.
Sourced from Paul Appleby, EVP Transformation, BMC Software