• Steinlein Group

Data Protection Compliance for US Companies

Data protection and privacy issues are some of the foremost concerns for companies operating today. The General Data Protection Regulation (GDPR) of the EU introduced binding standards and requirements for any company that offers goods and services to European customers, regardless of where they are registered. Therefore, companies across the globe have paid close attention to the changes that the GDPR introduced and what specific measures they can undertake to avoid being heavily sanctioned.

On the 27th of April 2021, Steinlein Group and Loughnane Associates hosted a training session that focused on data protection for US companies. During the online event, we provided an overview of the European privacy legislation, its legal scope, how companies can determine whether the GDPR applies to them, and what steps need to be taken to ensure compliance.

The instructor, Mariam Chaduneli, discussed specific examples of US companies that were affected by the GDPR, focusing on their reputational loss and the large fines imposed by supervisory authorities across the EU. This was followed by a breakdown of the most important principles of the EU legislation, including transparency, purpose limitation, security and storage limitation, as well as specific tips, technical measures and best practices for adhering to these principles.

The final part of the training focused on the framework for EU-US data transfers, the Privacy Shield Agreement and the significance of the Schrems II case. Special emphasis was placed on the principle of adequacy and the importance of ensuring the legality of data transfers between the EU and the US in the absence of the Privacy Shield Regime. Ms. Chaduneli also discussed the European Data Protection Board (EDPB) recommendations regarding the use of Standard Contractual Clauses (SCC), supplementary technical measures, as well as exceptions and derogations that apply to these requirements.
