June 12, 2016 marked an important date for U.S. companies that have been transferring personal data to anyone in the European Union. Company data such as employee information, business transactions, and high level purchases are often transmitted through international means. The EU-U.S. Privacy Shield replaces the Safe Harbor agreement, which had been nullified by the Court of Justice of the European Union in Schrems v. Data Protection Comissioner.
U.S. Companies Will Have to Change Their Ways
The new compliance requirements will begin on August 1, 2016 for American companies. What does this mean for U.S. companies sharing HR info overseas?
- The Shield will protect fundamental rights to anyone in the European Union whose personal data is now transferred to the U.S. The changes will bring more clarity to businesses that participate in transatlantic data transfers.
- There will be an increase in protection of personal data transferred from a Privacy Shield co-operating company to a third party. The transferring party will be held responsible to check on third party contractors who transfer important data.
- Companies will be forced to only collect information that is relevant. Over-collecting of information will be disposed of.
- Companies will now need to establish a specific person to quickly respond to any privacy complaints.
- Companies will be forced to agree to arbitrate any privacy claims.
Changes are certainly brewing for companies engaging in international business. Be sure to inform your employees of the changes and stay up to date with the changing system.