US Safe Harbor Registrations
According to the European Union (“EU”) Directive 95/46/EC (“Directive”) on the protection of personal data, a transfer of personal information from an EU member country to a non-EU country which lacks comparable data privacy regulations is prohibited. The countries considered to have an adequate level of protection are Switzerland, Canada, Argentina, Guernsey, and Isle of Man. Transfers between EU countries are allowed. Companies based in the United States (“US”) can transfer personal information related to European citizens to the US provided the companies comply with one of the four methods of cross border data transfer compliance: (1) US Safe Harbor, (2) Model Contracts, (3) Binding Corporate Rules, or (4) Get Permission.
Sunera can help assess your organizations cross border data transfer compliance based on the US Safe Harbor framework. The Safe Harbor framework consists of privacy principles established by the US Department of Commerce (“DOC”) in cooperation with the EU Commission. The seven principles for protecting personal data include implementing reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
EU DPA Registrations
EU member states have established a public register of data controllers. Organizations processing personal data may have to register in each state in which they are established since there is currently no central European registration process. Sunera can assist you organization through this registration process and help ensure your registrations are accurate and current.
Discovery – As a first step, we can help determine the data protection and registration requirements for the countries in which your organization has business operations. Secondly, we will identify the types of information being collected, processed, stored and transmitted within each of these countries. We will assess both customer and employee data in both electronic and hard copy form. Based on the information collected from these discovery sessions and documentation, Sunera will determine which European countries require registration.
Registration Preparation – Using the information collected during the discovery phase, we will help organize and document the information required for your organization to complete the DPA registrations in the countries deemed necessary. In addition, Sunera has partnerships with European data privacy attorneys who can be used on an as needed basis for subject matter expertise in countries with evolving privacy legislation to ensure submissions are accurate and complete.
