The 1995 directive also recognizes the possibility for states
To transfer personal data to third countries provided that the “third country in question ensures an adequate level of protection”. Therefore, you need to make sure that the transfers you make meet this criterion. May 2018: legal regulations that tend to evolve The next European data protection regulation (GDPR) will come into force in 2018. While the text incorporates most of the provisions currently in force, it also includes its share of new features: The principle of accountability Currently, companies that collect personal data are subject to prior Japan Email List declaration or authorization obligations with the CNIL. The principle of accountability removes that. From now on, companies will have to put in place “appropriate technical and organizational measures” to comply with the regulation.
Companies will therefore no longer have to make this declaration, as long as they can demonstrate that they have done everything to comply with European regulations in the event of an inspection. The application of European law to all actors processing personal data The territorial scope of European law will largely evolve in favor of a new extra-territorial application. From now on, non-European actors will be concerned when they process the data of European citizens. In addition, the regulation states that from the moment you process data concerning a European citizen, you will be affected by the regulation.
NB: the provisions of the new regulation remain, for the moment, theoretical.
Their concrete application should be awaited by 2018. If you liked this article, check out our article on the new fields of application of the law or our white paper on the legal aspects of lead generation. Do you want to be supported in your process of increasing your leads ? We invite you to contact our teams for more information. However, it was subsequently observed that the European Commission
Pending the entry into force of the next European Regulation in this area, we will have to be content with the Privacy Shield, which entered into force in August 2016. The G29 had the opportunity to comment on the subject. From this opinion emerges the obvious lack of clarity of the agreement, particularly on the commercial side … What to do in case of insufficient protection? The European Commission may not accept that a state’s system provides sufficient protection. Article 70 of the Data Protection Act states that if the European Commission finds an insufficient level of protection, it will refer the matter to the CNIL which will issue a receipt prohibiting the transfer of data to this state.
In this regard, Article 26 of the Directive sets out a number of exemptions
These exceptions are included in article 69 of the Data Protection Act. In commercial matters, international transfers of customer-prospect files are possible in the following cases: The transfer must be necessary for the performance of a contract between the controller and the data subject It must be necessary for the conclusion or performance of a contract concluded between the controller and a third party It being specified that the consent of the person concerned will be required. Thus, it will suffice, for example, to obtain the consent of the data subject to transfer their data to a state whose level of protection is not sufficiently high. This raises ethical questions. Indeed, some states have a notorious reputation for not respecting the rights of individuals in this area ..
Do companies have other tools? In the situation where a State does not meet the criteria of the European Commission and where no derogation is possible, what can companies do? … Specific tools are made available to them to carry out international transfers of customer-prospect files . The standard contractual clauses of the European Commission As their name suggests, these are models of standard contracts issued by the European Commission. These contracts are two in number: The clauses governing transfers between two data controllers The clauses governing transfers between a data controller and a subcontractor Thus, transfer contracts will be subject to contractual rules guaranteeing a sufficiently high level of protection.