I have to say that I’m proud – both personally and professionally – that Convercent’s name has been added to the U.S. Department of Commerce list of companies self-certified to the new Privacy Shield.
Why? Well, Convercent sits right on the crossover of technology and compliance – and for a company like Convercent, dealing with company, employee and similarly crucial data every day, being able to comply with the Privacy Shield principles for the protection of transatlantic data flows is clearly vital for our customers; it’s for that reason that Convercent moved fast following the European Commission’s launch in mid-July.
Our approach is simple:
- Obtaining Privacy Shield certification matters, both to us and to our customers operating in Europe, as it shows our commitment to the rights of personal privacy.
- Our goal is to build relationships based on trust. Our certification under Privacy Shield and our delivery of the necessary privacy policies and controls demonstrate the importance that we place on trust, compliance and relationships.
- Privacy matters, irrespective of whether a company or an individual is involved. Whilst the Privacy Shield certification is clearly important, it is more than just that – it is about respecting individuals and companies by honoring our commitment to keep their information protected and confidential.
- Being transparent about how we handle data is, again, a key part of our reputation and relationships, and essential to creating customer confidence; Privacy Shield registration is simply the right thing to do.
“Our goal is to build relationships of trust,” says Cole Krems, Director of IT Security at Convercent. “Our certification under Privacy Shield and delivering privacy policies and individual controlled processes demonstrate this value.”
The new Privacy Shield legislation is markedly longer and more detailed than the old Safe Harbor and represents a major increase in standards and protection – reflecting just how seriously the U.S. is taking the need to address EU privacy concerns. As a consequence, previous Safe Harbor registrants are not allowed to be simply ‘grandfathered’ (transferred) across to Privacy Shield. It is this that clearly makes the new legislation challenging and is one of the reasons why many former Safe Harbor-certified companies have not yet been able to gain Privacy Shield certification.
Continuing awareness, however, is crucial; data protection in Europe is a changing landscape and, without a doubt, Privacy Shield will continue to evolve – as will the new European General Data Protection Regulation (GDPR) set to come into force in May 2018.
A brief background: European data protection law precludes the transfer of personal data outside the European Economic Area (EEA), unless the data recipient implements one of a handful of legal processes; until October 2015, one suitable process for importing data to the U.S. was the Safe Harbor framework. This involved self-certification, and meant that U.S. companies committed to protect imported EU data to broadly EU standards.
However, in October 2015, the European Court ruled Safe Harbor invalid and since then the U.S. and EU have been engrossed in agreeing a replacement. The replacement, the EU-US Privacy Shield, was formally adopted by the European Commission in July.