UK Companies Express Compliance Concerns Over EU Data Security Ruling
(PRWEB UK) 29 October 2015 -- Historically, data protection law established in the US has not been stringent enough to provide the level of protection to meet European standards. A legal act, the EU Data Protection Directive, was passed in order to prohibit the transfer of data outside of the EU unless the receiving country could ensure data security.
Safe Harbor, a self-certification framework under which US companies claim an intention to comply with 7 Safe Harbor principles, was devised to bridge the gap in US data security legislation. For a more comprehensive explanation of the Safe Harbor framework, visit the informative blog produced by UK live chat software provider Click4Assistance.
Following a complaint, the ECJ conducted an investigation and found "in practice, a significant number of certified companies did not comply, or did not comply fully, with the safe harbor principles."
More worryingly, "all companies involved in the PRISM programme, and which grant access to U.S. authorities to data stored and processed in the United States, appear to be Safe Harbor certified". When the whistle was blown on PRISM, President Obama reassured US citizens that their data was not accessed and that the PRISM programme operated under the Foreign Intelligence Surveillance Act (FISA). Therefore, as the ECJ ruling went on to outline, "this has made the Safe Harbor scheme one of the conduits through which access is given to US intelligence authorities to collecting personal data initially processed in the European Union".
The final nail in the coffin for Safe Harbor was EU citizens' inability to enforce their data protection rights, with "no opportunities for either EU or U.S. data subjects to obtain access, rectification or erasure of data, or administrative or judicial redress with regard to collection and further processing of their personal data taking place under the U.S. surveillance programmes."
With Safe Harbor failing to prevent access to data and offering no way to insist that your data is removed, the ECJ made the decision to invalidate the framework.
On 6th October 2015, the European Court of Justice passed legislation which now excludes Safe Harbor from compliance with the European Union Data Protection Directive. Businesses and organisations which continue to use suppliers and providers that store or process data outside of the EU, whether Safe Harbor registered or not, may now find themselves in contravention of Data Protection legislation.
Click4Assistance, an established UK live chat software provider, operate within the technology arena and have reported a sharp spike in interest from UK-based companies and public sector organisations. Data is held and processed in the UK, conforming to ISO standards and adhering to stringent regulations outlined by the FCA, DPA and PCI DSS.
Managing Director of Click4Assistance, Gary Martin, stated, “Data security is an important factor for every client, our continued investment in the latest technology methods and world class data centres show our commitment to this valid concern.”
UK organisations have a responsibility to ensure the security of their data and now face a period of investigation and transition to approved suppliers. One answer is to look closer to home and buy British.
Source:
2013 EC investigation
2015 ECJ Ruling
Jill Stephens, Click4Assistance, http://www.click4assistance.co.uk, +44 1268524628