Privacy Compliance

  • The General Data Protection Regulation

    The most comprehensive set of privacy laws ever developed. Whether you are based in Europe or just trade there, you must abide by these regulations. Users have to be protected on the basis of fairness and transparency, and there are limits on what data can be collected and processed. The 99 articles detail how data must be assessed for risk and relevance, and those who supply their personal data have rights to delete and access any information you hold on them.

  • The Privacy and Electronic Communications Regulations

    Often referred to as “Cookie Law”, this legislation governs electronic communication specifically. The EU is replacing the current e-Privacy Directive (from which PECR is derived) with a new e-Privacy Regulation to complement GDPR. However, until this is agreed, PECR continues and has been adapted to allow for GDPR. PECR details the rights of individuals: how they are contacted and by what means, and how they are monitored online through tracking technologies. It also covers security and associated telecommunications protection.

  • ePrivacy Regulation

    This regulation will be implemented shortly. The current legislation, the e-Privacy Directive (implemented in the UK as PECR), required local implementation because it is a directive, resulting in variable legislation and non-standard enforcement. e-PR sets out to align all electronic communication regulations across the jurisdiction, much in the way GDPR does for general privacy. It is expected to be signed into law in the next 12 months and will comprehensively update the legislation, taking account of technological developments and practices and existing GDPR principles.

  • California Consumer Privacy Act

    Derived from GDPR, although its protections are not as strong or as comprehensive. Organisations must provide the right of access and annually give individuals a free-of-charge report on the data they hold, as well as give individuals the right to object to, and stop, their data being collected or sold. There can be no discrimination against individuals who object to sharing their data: services cannot be withheld from them or cost them more because of their preferences. Organisations are responsible for ensuring reasonable safeguards are in place to protect any personal information they hold. The Act is currently only operational within California and, as with GDPR, it applies to both residents and organisations trading within the jurisdiction. There are efforts within the US Federal government to develop country-wide legislation. This is emerging and we expect no great changes in the next 2 years.

  • South America

    Brazil's equivalent of GDPR, due to come into effect February 2020, continues the ripple effect of GDPR and the global effort to align privacy legislation. The Lei Geral de Proteção de Dados Pessoais (LGPD) is very similar in its construct to GDPR, with some slight differences, notably the lawful basis for processing, which comprises 10 categories as opposed to the GDPR's 6. Sensitive data are given higher protections and there are restrictions on international transfers.

  • Privacy Shield

    Privacy Shield was developed to allow transatlantic cross-border data transfers to meet the legislative requirements of the GDPR, replacing the Safe Harbour framework, which was incompatible with GDPR. It is important to note that Privacy Shield is not a GDPR compliance mechanism, but only enables participating companies in the USA to meet the EU requirements for transferring personal data to third-party countries.
    The mechanism was developed by the US Department of Commerce, European Commission and the Swiss Administration and is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce. This voluntary framework enables U.S.-based organisations to join one of two Privacy Shield programmes in order to benefit from frictionless E.U. and U.S. or U.S. and Swiss data transfers. Although the framework is voluntary, once adopted by an organisation it becomes enforceable under federal law.