EU Model Clauses - PowerPoint PPT Presentation

1 / 14

About This Presentation

Title:

EU Model Clauses

Description:

business need: efficient company-wide flow of HR and CRM data ' ... recent headline' attention for security breaches. recent enforcement activity ... – PowerPoint PPT presentation

Number of Views:50

Avg rating:3.0/5.0

Slides: 15

Provided by: ecEu4

Category:

more less

Transcript and Presenter's Notes

Title: EU Model Clauses

1
EU Model Clauses

Will they survive BCR?

International Transfers of Personal
Data Brussels, 23-24 October 2006 Lokke
Moerel partner ICT De Brauw Blackstone
Westbroek lokke.moerel_at_debrauw.com 31 20 577 1648
2
EU Model Clauses

Date from time international data transfers were
incidental transfers
Ex pats
US consultant

3
Trends / developments

ICT streamlining
common systems (HR, CRM)
shared service centres
outsourcing
central e-commerce / e-procurement
business need efficient company-wide flow of HR
and CRM data
dynamic routing routing of data is not
foreseeable
laws with extra-territorial effect SOX,
anti-terrorist laws
more and more inter-company cross-border exchange
of personal data

4
Model Clauses inadequate for inter-company data
transfers

numerous contracts, numerous permits
Shell / IBM options
require description data transfers
categories data subjects
data transferred
recipients of data
purposes of transfer
significant changes require
entering into new Model Contracts
new permits
new notifications
false sense of compliance
compliance on paper
no material compliance

5
The legal environment

over 50 jurisdictions (EU and Pacific Rim)
comprehensive data protection legislation
increasingly complex
many more bills
data security law initiatives

6
Increased focus privacy compliance

recent headline attention for security breaches
recent enforcement activity
reputation, reputation, reputation

7
Change of strategy multi-nationals

first bottom-up approach
privacy compliance on national level
now top-down approach
introduction of company-wide privacy standards
local addenda

8
Top 3 considerations for global privacy policy

central systems
100 worldwide compliance is practically
impossible Diverting and conflicting laws
policy decisions in respect of data security and
data processing adequate protection rather
than full compliance
processing instructions central level and impose
on group companies
cost perspective
cheaper to design global policy and identify
additional local requirements
budget constraints require identification
priorities

9
Top 3 considerations for global privacy policy

data protection audits show material compliance
internal processing instructions ( privacy
policy)
Privacy Impact Assessments (PIAs) of ICT systems
overviews of privacy requests data subjects
(access, erasure)
comprehensive training programme
central policy, with local addenda if national
laws so require

10
Top 3 considerations global privacy policy (1)

instruct group companies how to process data
stored in central systems
even EU employees require instructions how to
process data fairly (i.e. delete unnecessary
data, storage limitations etc)
especially if no data protection law applies to
relevant group companies
also under Safe Harbour Principles otherwise
unintentional violations or conservative
application
also under Model Clauses processing instructions
are required provide option for data importer
comply with laws data exporter
comply with EU processing principles

11
Next step BCR

use global privacy policy also as tool for
compliance EU data transfer rules (alternative
for Model Clauses)
applying art. 26 (2) EU Data Protection Directive
(permit based on adequate safeguards)
BCR now mainstream alternative, even preferred
option

12
Privacy Utopia