Posts Tagged ‘compliance’
In October last year, the US Safe Harbor regime was invalidated by Europe’s Court of Justice, meaning that personal data of Europeans could no longer be transferred by a company to US companies solely on the basis of such companies being Safe Harbor-certified.
At the time of the ruling, no replacement for the Safe Harbor principle was proposed. The European Commission gave itself a three-month term to come up with an alternative solution, working towards January 31, 2016. It is not likely that this timeline will be met, but we expect new developments to be made public in the coming weeks.
When doing business, you want to be able to trust your partners. In modern days, this means that every partner in the supply chain needs to implement a unified compliance approach to ensure the entire chain is certified. This can be a time- and energy-consuming task, however, and it is not part of a company’s core business. Not only do you need to re-evaluate and adjust your processes to gain the certifications; the necessary audits can be costly as well.
It is good to know that there is an easy way out: look for an infrastructure partner that can provide you with compliance, including all necessary legal requirements, and incorporate third-party controls and processes seamlessly into your own governance framework. See all your security measures quickly and clearly, and be 100% sure that the necessary tools, controls and processes are in place to cancel out continuity risks, without affecting the operational efficiency of your business.
“The Court of Justice declares that the Commission’s U.S. Safe Harbour Decision is invalid.”
The Safe Harbour arrangement has been in place since 2000. It was formalized by the European Commission’s Safe Harbour Decision (2000/520/EC), and permitted the transfer of personal data of Europeans to the U.S., to companies that are self-certified under the Safe Harbor Privacy Principles and registered with the U.S. Department of Commerce.
Last Tuesday, in a landmark judgment, the European Court of Justice – Europe’s highest court – declared the Safe Harbour Decision invalid. At present, it is not yet fully clear what the consequences of this ECJ judgment will be. What is clear, however, is that data should no longer be transferred to U.S. organizations solely on the basis that they are Safe Harbour-certified. Companies that transfer personal data from the EU to the U.S., or rely on the processing of personal data in the U.S., will need to review their data flows for compliance with EU data protection law. They will likely need to consider alternative cross-border transfer solutions, e.g. by applying binding corporate rules, EU model contract clauses and/or obtaining individual persons’ consent for the transfer of their data. That operation will be time-consuming and expensive. All this could potentially have serious implications for cloud hosting providers and their customers, who are suddenly faced with data residency issues.
EU court strikes down trans-Atlantic ‘safe harbor’ data-transfer pact. Decision will affect around 4,500 companies. http://t.co/Xn4TxivBAz
— Wall Street Journal (@WSJ) 6 October 2015
Trust is built with consistency.
LeaseWeb has rapidly expanded its business across the globe in the past years. As a result, there were many separate and standalone certifications for different services and products within our organization, several of which overlapped. A restructuring of the compliance portfolio was needed. Last year, we started with a clean sheet to completely rebuild our global portfolio. In addition, we initiated the search for new audit partners who could support this mission together with our procurement department.
Today, I would like to provide you with some insight into how we handled the restructuring.