I saw the other day that the European Commission, one of the bodies that passed the GDPR 6 years ago, has been accused of breaching its own legislation!
A German resident, assisted by a German organisation that helps those affected by data breaches is taking legal action.
The EC is running a conference, which sounds fine you might say. However, the website collecting the registration data transfers it to the United States.
You can transfer data around the world, but you need to be satisfied that the data will be protected to the same level as if it stayed in the EU.
There are a number of agreements between the EU and countries around the world that say the data standards are adequate. The UK has one, as this was necessary when we left the EU.
However, where the US is concerned, its Intelligence Services have unrestricted access to the data coming from the EU. And as you can’t challenge this or claim damages, transfers to the US do not meet the necessary protections under the GDPR.
The US did have agreements in the past which have allowed data to be sent there. However, the first version, Safe Harbor, introduced in 2000, was struck down in 2015 as not adequately protecting personal data. The replacement, the EU-US Privacy Shield, was also successfully challenged and declared invalid in July 2020.
There are continuing talks about Privacy Shield 2.0, but these have been slow.
So, what do you do if you want to send data to the US?
As a data owner, you have to make the decision whether that data will be protected, which with the situation in the US at the moment is a very difficult thing to do.
Deciding whether you can send data abroad is just one decision a business owner has to make when dealing with personal data, and if the lawmakers can potentially get this wrong, you as a business owner may think what chance have I?
And when it comes to using data for marketing, it may seem that it is not a risk worth taking.
However…
… you can use data in your marketing, as long as you follow the rules.
And if you don’t know or understand the rules, ask an expert.