Learn how to keep your business, its staff and your devices protected with our free resources
Data Classification News
During the midst of a global pandemic, the European Court of Justice ripped up privacy laws which governed the transfer of European Union (EU) citizen personal data to 3,000 self-certified service providers in the United States (US), unsurprisingly including the likes of Amazon, IBM, Microsoft and Google.
You can be forgiven for missing the ruling which took place on the 16th of July, given our recent preoccupation with Zoom quizzes, face masks and at times the dwindling supply of toilet paper…
What this means in short, is that the special agreement the US had with the EU and the countries within it, governed by the GDPR, is now shrouded in uncertainty and transferring information to a US data processor falls under the same category as it would transferring to a processor in North Korea.
So, to ensure a lawful transfer of this information across the pond, alternative mechanisms such as Standard Contractual Clauses or Binding Corporate Rules can be applied depending on the transfer being external or internal to your organisation. Not terribly straightforward and the complexity does not end there. In its ruling the European Court of Justice placed the responsibility on organizations to assess the target countries legislations to ensure that these alternative mechanisms remain effective.
If you are not confused enough already, try mapping this to your data flows. What data has EU citizen information in anyway? What about the unstructured data?
Previous data classification blog posts have sung the virtues of data categorisation, such as being subject to legal hold. Is there ever a better time for perhaps applying a category for identifying EU Personal Data to help your business make better decisions on this type of information being held?
With the Brexit withdrawal still set to take effect on the 1st January 2021, who knows what other politically driven data residency laws may come to being. Having data labelled and indexed, should that event come, will no doubt make life easier for your IT Security and compliance teams…
To find out more about how Data Classification solutions can help with your privacy laws, contact the team of specialists at HANDD on 0845 643 4063.