On July 7, 2020, the EU/US Privacy Shield was deemed invalid by the Court of Justice of the European Union (CJEU) as part of its ruling in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems. In the simplest possible terms, this means that the transfer of European Personally Identifiable Information (PII), or data from which any specific European citizen can be identified, to the US is now illegal. It also means that around 60% of the companies transferring data out of the EU are breaking the law as we speak. But what was the Privacy Shield for, what does the fact that it no longer exists mean in practice to marketers, and what steps can companies take to ensure they stay on the right side of the law?

When it comes to data protection, a storm has long been brewing. First came worries about Alexa eavesdropping in people’s homes and recording conversations (in November 2018 a New Hampshire judge ruled that audio captured in the home of a murder victim could be used as evidence in court). Then the Cambridge Analytica-Facebook scandal broke, with data harvested off people’s Facebook accounts being used to drive political advertising, potentially affecting the U.S. election result. Consumers’ growing concern has led to harsh new data protection regulations – GDPR came into force in Europe on 25th May 2018, then the California Consumer Privacy Act became effective in the state on 1st January 2020.

Data privacy is a hot topic these days, with the General Data Protection Regulation (GDPR) enforcing stricter guidelines for the use of personal data for EU citizens and the forthcoming California Consumer Privacy Act (CCPA) offering stringent powers to consumers who feel that their personal data has been misused.

These data management regulations, and similar laws in countries like Australia, Japan and Brazil, are starting to put pressure on organizations to establish systems and processes that demonstrate the responsible use of customer data.

Survey shows that, with less than a year until GDPR comes into effect, marketers still feel the need to hoard customer data

10 May 2017, BRISTOL, UK: Nearly 9 out of 10 (86%) UK and US marketers believe that for maximum success they need to collect as much information as possible on their customers. This is despite the fast approaching General Data Protection Regulation (GDPR), which encourages marketers to prioritise customer privacy over mass data collection.

Every week you’ll read a story about a company experiencing a data leak or breach. Often, with expensive repercussions. Needless to say, when it comes to the handling of business data, security and privacy is the watchword.

With this is mind, you want the confidence that your ‘data processor’ (someone who processes data on behalf of a ‘data controller’ – i.e. you) has controls in place to manage the security of such a vital business asset. This assurance comes in the form of an information security standard, known as ISO27001.