For Security & Risk Professionals

Q&A: EU Privacy Regulations

    Why Read This Report

    As a consequence of increasing global commerce, security and risk (S&R) professionals face the complexity of navigating data privacy regulations from around the world. Forrester clients frequently ask about European Union (EU) privacy regulations. While data protection requirements in the US are commonly industry-centric, those in the EU focus more on the individual's right to privacy. This leads to a number of differences in how data should be handled in the EU as opposed to the US, especially in transferring data between countries of varying regulatory standards. This report is an update to the report of the same name published on September 16, 2011, as part of Forrester's commitment to keep our clients up to date on the rapid pace of privacy regulation reform. We address common data privacy questions and highlight upcoming changes in the regulations that have the most impact on organizations operating on a global scale.


    • 1. What are the fundamentals of the EU Data Protection Directive?
    • 2. What is the Article 29 Data Protection Working Party, and what is its relationship to the European Commission?
    • 3. What does EU "privacy adequacy" mean?
    • 4. Which countries are considered by the EU to provide an adequate level of data privacy protection?
    • 5. What is Safe Harbor, what is the controversy surrounding it, and why is 2014 a crucial year?
    • 6. What does Safe Harbor mean for an EU company that wants to do business with a US data processor and for a US company that wishes to handle EU personal data?
    • 7. Does the USA Patriot Act apply to the EU divisions of a US-based company?
    • 8. Are there any provisions that allow me to transfer EU personal data to a third country that has not been deemed as having an adequate level of privacy protection by the EU?
    • 9. What provisions are contained in the model clauses?
    • 10. What are Binding Corporate Rules (BCRs), and how would I apply them?
    • 11. What is Germany's data protection law, how does it affect my business, and what are the differences between it and the EU Data Protection Directive?
    • 12. What are the new and pending privacy legislations in the EU, and how might they affect companies doing business in the EU?
    • 13. What is the EU's "cookie" directive?
    • 14. What is the European Council's view on location privacy for mobile phones?