The recent Court of Justice of the European Union (CJEU) Schrems II ruling, which invalidated the longstanding U.S.-EU Privacy Shield framework, has created a wave of uncertainty for the legal industry. Ever since the U.S.-EU Safe Harbor framework was retired in 2015 as a result of Schrems I, lawyers have faced challenges in ensuring the legality of transferring data between the EU and U.S. in multi-national litigation and investigations. For the last five years, Privacy Shield has been central to alleviating that burden. Now, lawyers are left wondering what’s next and whether their current standard contractual clauses (SCCs) for data transfers will remain viable. And if not, what options are left?
One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. By virtue of the GDPR accountability principle, organizations are required to adhere to the six fundamental principles of safeguarding privacy rights that impact the collection, processing and disposition of personally identifiable information. These obligations extend beyond the walls of an organization to third parties that process personally identifiable information. Also, GDPR provides for a broad definition of processing and imposes stringent requirements on organizations that engage third parties to process personally identifiable information.
A potential challenge for industry and legislators is the apparent tension between privacy rights and the rapid adoption of blockchain-based applications, which are expected to reach $10.6 billion in revenue by 2023.
More rigorous privacy regulations such as the EU GDPR and a number of US privacy initiatives such as the recently ratified California Consumer Privacy Act impose higher standards on data controllers and processors to safeguard privacy rights – including data subject consent management, accommodating data subject requests, data portability and more onerous data controller and processor accountability standards.
Digital data pervades virtually every aspect of our lives. IDC estimates that by 2025, digital data will grow to 163 zettabytes, 80% of which will be created by businesses. From autonomous cars, robotic process automation and intelligent personal assistants to smart home devices, the world around us is undergoing a fundamental change, transforming the way we live, work, and play.
It's hard to believe it has been just about three months since the General Data Protection Regulation (GDPR) went into effect on May 25th, 2018. This new regulation was designed to strengthen and unify data protection for individuals within the European Union (EU) and came with a strict set of compliance protocols. And because GDPR also applies to the export of personal data outside the EU, it's applicable to any entity that uses or exchanges this data, so there are a lot of us all around the world feeling the pressure of GDPR.