May 30th was the second anniversary of the EU’s enactment of the
General Data Protection Regulation (GDPR). And just like with the original
Data Protection Directive in 1998, a trade war is brewing. Back then, there
was significant disagreement over whether the US provided adequate
assurances of data privacy. The Directive prohibited transfers of Personal
Data to countries which did not provide adequate protection - and explicitly
stated that the US did not provide such protection. What resulted was a
mishmash of treaties, “Safe Harbor” agreements and other half measures,
none of which worked well. Some would argue this was one of the reasons
the EU scrapped the Directive and went to GDPR: to provide more uniform
rules for the collection, processing and storage of Personal Data.
The Court of Justice for the EU is likely to render a decision next month
which once again finds that data transfers between the EU and the US aren’t
legal, throwing transatlantic data transfers into doubt once again. There will
be bluff and bluster; threats and policy statements. And, as always, some
agreement will be reached but not without significant business disruption.
This is why our parent company Spectris went to the effort of adopting Binding Corporate Rules (BCRs). BCRs assure that we - both NDC Technologies and Spectris - have worldwide, enforceable standards for how we acquire, store, manage and process Personal Data. While BCRs won’t completely remove the threat of a transatlantic data war, it will help us avoid some of the uncertainty that others face while the data kerfuffle unfolds.
Learn more about NDC Technologies by touring our website.