{"id":10686,"date":"2018-04-19T10:33:27","date_gmt":"2018-04-19T09:33:27","guid":{"rendered":"http:\/\/www.imprima.com\/?p=2781"},"modified":"2025-05-29T15:15:09","modified_gmt":"2025-05-29T15:15:09","slug":"gdpr-an-international-context","status":"publish","type":"post","link":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context","title":{"rendered":"GDPR: An International Context"},"content":{"rendered":"\n

Download the PDF version of this whitepaper here.<\/a><\/p>\n\n\n\n

The global impact of the GDPR in relation to Brexit and the EU-US Privacy Shield<\/p>\n\n\n\n

GDPR – The clock is ticking<\/p>\n\n\n\n

Is your business ready?<\/strong><\/h4>\n\n\n\n

With just over five weeks until the GDPR comes into effect and less than one year before the UK is scheduled to depart the EU, it is understandable that many organisations feel a high level of anxiety around these major and fundamental changes. With so many changes happening in parallel there has also been a lot of information presented around these topics.
<\/p>\n\n\n\n

However, there still appears to be a level of unpreparedness and confusion<\/a> within companies on the impact these changes will ultimately have on the data protection and privacy landscape in Europe and beyond.<\/p>\n\n\n\n

To this end, Imprima will run a series of articles on the GDPR to help our clients deal with the new regulation in the context of sharing information via data storage and collaboration platforms.<\/p>\n\n\n\n

In this first piece, we look at the GDPR not only in the European context but also in terms of the wider international data protection landscape. As such, we will focus on how it impacts both the UK (pre and post-Brexit) and on data transfers between Europe and the US (EU-US Privacy Shield).<\/p>\n\n\n\n

What is the GDPR?<\/h4>\n\n\n\n

The General Data Protection Regulation (GDPR) represents the most important data protection regulation change in 20 years. The GDPR, approved and adopted by the EU Parliament in April 2016, replaces the Data Protection Directive 95\/46\/EC. The GDPR was designed to both update and harmonise data privacy and the various laws surrounding it across Europe. Its primary intent is to provide further data privacy protection and
empowerment of all EU citizens\u2019 and as a result reshape the way organisations across the region approach it. <\/p>\n\n\n\n

Furthermore, as the GDPR reduces 28 sets of different data protection laws to a single regulation with the aim of reducing compliance costs, complexity, risk, and uncertainty over-reporting for organisations; it should be seen as a benefit not only to EU citizens, but also all companies that need to embrace the change.<\/p>\n\n\n\n

\n

Once the GDPR comes into effect on 25 May 2018, all companies processing and holding the personal data of subjects residing in the EU must comply with it, regardless of location.<\/p>\n<\/blockquote>\n\n\n\n

GDPR, Brexit and Privacy Shield<\/h4>\n\n\n\n
\"Gdpr\"
Gdpr<\/figcaption><\/figure>\n\n\n\n

In order to fully appreciate the global consequences of the GDPR, it is essential to view it not in isolation, but against the backdrop of two other internationally significant items:<\/p>\n\n\n\n

    \n
  • The UK\u2019s exit from the EU<\/li>\n\n\n\n
  • The EU-US Privacy Shield<\/li>\n<\/ul>\n\n\n\n

    What happens after GDPR comes into effect but before the UK departs the EU?<\/h4>\n\n\n\n

    Once GDPR comes into force but before the UK leaves the EU (March 2019), businesses processing data in the EU can freely share data with the UK simply by virtue of the fact that the UK is still a member of the EU.<\/p>\n\n\n\n

    What happens after the UK leaves the EU on 29th of March 2019?<\/h4>\n\n\n\n

    After Brexit, the UK will become a \u2018third country. This means that data controllers in the EU countries will have to identify a specific legal basis within the GDPR upon which it can legally transfer personal data to the UK.
    The UK government initially declared it was aiming to get an adequate ruling from the European Commission on the UK\u2019s data protection capabilities, by aligning UK data protection law with the EU General Data Protection Regulation (GDPR) as closely as possible.<\/p>\n\n\n\n

    \n

    Adequacy decision \u2013 the EC has the power to determine whether a country offers an \u2018adequate\u2019 level of data protection<\/p>\n<\/blockquote>\n\n\n\n

    Should the EC grant an adequate decision to the UK, this would ensure the unhindered flow of data between the EU and the UK post-Brexit. However, in a recent speech the UK Prime Minister, Teresa May, went a step further when declaring:<\/p>\n\n\n\n

    \u201cWe will be seeking more than just an adequacy arrangement and want to see an appropriate ongoing role for the UK\u2019s Information Commissioner\u2019s Office (ICO). This will ensure UK businesses are effectively represented under the EU\u2019s new \u2018one-stop shop\u2019 mechanism for resolving data protection disputes\u201d.<\/strong><\/em><\/p>\n\n\n\n

    This crystal-clear commitment to data protection was warmly welcomed by the UK business community. The move to go further than the adequacy arrangement is seen by many as the right approach to support the UK\u2019s place as a leading tech economy.<\/p>\n\n\n\n

    The GDPR and EU-US Privacy Shield<\/h4>\n\n\n\n

    Under both the GDPR and its predecessor, the EU doesn\u2019t allow the transfer of data on its citizens outside of the country unless the country is deemed to have adequate data privacy laws. Unfortunately, the EU has deemed that the US does not have adequate data privacy laws. Organisations try to navigate this by adhering to the EU-US Privacy Shield.<\/p>\n\n\n\n

    What is the EU-US Privacy Shield?<\/h4>\n\n\n\n

    The EU-US Privacy Shield is a program where participating U.S. companies are considered to have adequate data protection and can therefore facilitate the transfer of EU data. The EU-US Privacy Shield\u2019s predecessor,
    the Safe Harbour Framework, was overhauled because the EU did not consider this agreement strict enough on data protection for their citizens. The GDPR protects the data of all EU citizens, regardless of whether they currently live in the EU.<\/p>\n\n\n\n

    GDPR: Key provisions<\/h4>\n\n\n\n

    Now we understand the context, what key new provisions are included within the GDPR?<\/p>\n\n\n\n

    The definition of personal data is much wider<\/strong>
    It now includes online identifiers, such as the id of your mobile phone while you browse the internet, along with HR, customer, and client records.<\/p>\n\n\n\n

    Expanded Territorial Scope<\/strong>
    The GDPR applies to all data controllers\/data processors processing the personal data of data subjects residing in the EU, regardless of the data controller\u2019s\/ data processor\u2019s location. This means that many non-EU businesses that were not required to comply with the Data Protection Directive will be required to comply with the GDPR.<\/p>\n\n\n\n

    Increased Enforcement Powers<\/strong>
    Under the GDPR, data breaches could result in fines up to 4% of annual global turnover (or 20 Million Euros, whichever is greater). Data processing procedures should be monitored and reviewed with the aim of minimising data processing and retention of data.<\/p>\n\n\n\n

    Evidence of Consent<\/strong>
    The GDPR requires a very high standard of consent for the processing of personal data. The burden of demonstrating that the legal standard of
    \u201cconsent\u201d has been achieved will lie with organisations, so businesses should review whether their documents and forms of consent are adequate, and check that consents are freely given, informed and specific. Businesses also must ensure that a data subject can withdraw his\/her consent to the processing of their personal data at any time.<\/p>\n\n\n\n

    Right to be forgotten<\/strong>
    You must be able to delete the name and personal information of any EU citizen on request. This means from any place, including backups, where that information might happen to reside. This will require you to become aware of where your data is and what\u2019s in it something many companies probably can\u2019t do now. If there is no legal reason to keep the data, it needs to be erased. If you have passed the details to a third party, you need to contact the other party and make sure they also do it.<\/p>\n\n\n\n

    Privacy by Design<\/strong>
    This is a central principle of the GDPR. Data protection considerations need to be considered from the outset of designing a new process, product, or service, rather than treating it as an afterthought.<\/p>\n\n\n\n

    Reporting Security Breaches<\/strong>
    The GDPR requires that businesses will have to report breaches that are likely to harm individuals to national authorities e.g. the ICO in the UK within 72 hours. Organisations should develop a data breach response plan enabling them to respond quickly in the event of a data breach.<\/p>\n\n\n\n

    Regulation on Data Processors<\/strong>
    The GDPR directly regulates \u201cdata processors\u201d for the first time. The current Data Protection Directive regulates data controllers rather than \u201cdata processors\u201d, who are organisations\/individuals engaged by a data controller to process personal data on the data controller\u2019s behalf.<\/p>\n\n\n\n

    Imprima\u2019s clients can rest assured we are a 100% European owned organisation, with servers based in the EU. W e are not reliant on any indirect adequacy provisions and will directly adhere to the GDPR, providing our clients with the ongoing pr otection that makes us the most trusted and secure data room provider in the industry.<\/h4>\n","protected":false},"excerpt":{"rendered":"

    Download the PDF version of this whitepaper here. The global impact of the GDPR in relation to Brexit and the EU-US Privacy Shield GDPR – The clock is ticking Is your business ready? With just over five weeks until the GDPR comes into effect and less than one year before the UK is scheduled to […]<\/p>\n","protected":false},"author":3,"featured_media":10168,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[167],"tags":[243],"class_list":["post-10686","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-breaches","tag-retain"],"yoast_head":"\nGDPR: An International Context - Imprima<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR: An International Context\" \/>\n<meta property=\"og:description\" content=\"Download the PDF version of this whitepaper here. The global impact of the GDPR in relation to Brexit and the EU-US Privacy Shield GDPR – The clock is ticking Is your business ready? With just over five weeks until the GDPR comes into effect and less than one year before the UK is scheduled to […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\" \/>\n<meta property=\"og:site_name\" content=\"Imprima\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-19T09:33:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T15:15:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"775\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lidia Nakonechnaya\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lidia Nakonechnaya\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\"},\"author\":{\"name\":\"Lidia Nakonechnaya\",\"@id\":\"https:\/\/www.imprima.com\/#\/schema\/person\/5b6fff67b049e6459c3d5dc8b82dad54\"},\"headline\":\"GDPR: An International Context\",\"datePublished\":\"2018-04-19T09:33:27+00:00\",\"dateModified\":\"2025-05-29T15:15:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\"},\"wordCount\":1543,\"publisher\":{\"@id\":\"https:\/\/www.imprima.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg\",\"keywords\":[\"Retain\"],\"articleSection\":[\"Data Breaches\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\",\"url\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\",\"name\":\"GDPR: An International Context - Imprima\",\"isPartOf\":{\"@id\":\"https:\/\/www.imprima.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg\",\"datePublished\":\"2018-04-19T09:33:27+00:00\",\"dateModified\":\"2025-05-29T15:15:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage\",\"url\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg\",\"contentUrl\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg\",\"width\":1024,\"height\":775,\"caption\":\"Flag Of The European Union\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.imprima.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GDPR: An International Context\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.imprima.com\/#website\",\"url\":\"https:\/\/www.imprima.com\/\",\"name\":\"Imprima\",\"description\":\"Secure Online Data Room Services by Imprima\",\"publisher\":{\"@id\":\"https:\/\/www.imprima.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.imprima.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.imprima.com\/#organization\",\"name\":\"Imprima\",\"url\":\"https:\/\/www.imprima.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.imprima.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2021\/05\/imprima-logo-new.svg\",\"contentUrl\":\"https:\/\/www.imprima.com\/wp-content\/uploads\/2021\/05\/imprima-logo-new.svg\",\"width\":507.43,\"height\":149.18,\"caption\":\"Imprima\"},\"image\":{\"@id\":\"https:\/\/www.imprima.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.imprima.com\/#\/schema\/person\/5b6fff67b049e6459c3d5dc8b82dad54\",\"name\":\"Lidia Nakonechnaya\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR: An International Context - Imprima","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context","og_locale":"en_US","og_type":"article","og_title":"GDPR: An International Context","og_description":"Download the PDF version of this whitepaper here. The global impact of the GDPR in relation to Brexit and the EU-US Privacy Shield GDPR – The clock is ticking Is your business ready? With just over five weeks until the GDPR comes into effect and less than one year before the UK is scheduled to […]","og_url":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context","og_site_name":"Imprima","article_published_time":"2018-04-19T09:33:27+00:00","article_modified_time":"2025-05-29T15:15:09+00:00","og_image":[{"width":1024,"height":775,"url":"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg","type":"image\/jpeg"}],"author":"Lidia Nakonechnaya","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lidia Nakonechnaya","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#article","isPartOf":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context"},"author":{"name":"Lidia Nakonechnaya","@id":"https:\/\/www.imprima.com\/#\/schema\/person\/5b6fff67b049e6459c3d5dc8b82dad54"},"headline":"GDPR: An International Context","datePublished":"2018-04-19T09:33:27+00:00","dateModified":"2025-05-29T15:15:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context"},"wordCount":1543,"publisher":{"@id":"https:\/\/www.imprima.com\/#organization"},"image":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage"},"thumbnailUrl":"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg","keywords":["Retain"],"articleSection":["Data Breaches"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context","url":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context","name":"GDPR: An International Context - Imprima","isPartOf":{"@id":"https:\/\/www.imprima.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage"},"image":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage"},"thumbnailUrl":"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg","datePublished":"2018-04-19T09:33:27+00:00","dateModified":"2025-05-29T15:15:09+00:00","breadcrumb":{"@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.imprima.com\/blog\/gdpr-an-international-context"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#primaryimage","url":"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg","contentUrl":"https:\/\/www.imprima.com\/wp-content\/uploads\/2019\/08\/iStock-134079853-e1567085017300.jpg","width":1024,"height":775,"caption":"Flag Of The European Union"},{"@type":"BreadcrumbList","@id":"https:\/\/www.imprima.com\/blog\/gdpr-an-international-context#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.imprima.com\/"},{"@type":"ListItem","position":2,"name":"GDPR: An International Context"}]},{"@type":"WebSite","@id":"https:\/\/www.imprima.com\/#website","url":"https:\/\/www.imprima.com\/","name":"Imprima","description":"Secure Online Data Room Services by Imprima","publisher":{"@id":"https:\/\/www.imprima.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.imprima.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.imprima.com\/#organization","name":"Imprima","url":"https:\/\/www.imprima.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.imprima.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.imprima.com\/wp-content\/uploads\/2021\/05\/imprima-logo-new.svg","contentUrl":"https:\/\/www.imprima.com\/wp-content\/uploads\/2021\/05\/imprima-logo-new.svg","width":507.43,"height":149.18,"caption":"Imprima"},"image":{"@id":"https:\/\/www.imprima.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.imprima.com\/#\/schema\/person\/5b6fff67b049e6459c3d5dc8b82dad54","name":"Lidia Nakonechnaya"}]}},"_links":{"self":[{"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/posts\/10686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/comments?post=10686"}],"version-history":[{"count":0,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/posts\/10686\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/media\/10168"}],"wp:attachment":[{"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/media?parent=10686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/categories?post=10686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.imprima.com\/wp-json\/wp\/v2\/tags?post=10686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}