For Security & Risk Professionals

Q&A: EU Privacy Regulations

S&R Pros Must Help Their Leaders Embrace Privacy Before Massive Changes To EU Law Take Effect

    Why Read This Report

    As a consequence of increasing global commerce, security and risk (S&R) professionals face the complexity of navigating data privacy regulations from around the world. Forrester clients frequently ask about European Union (EU) privacy regulations. While data protection requirements in the US are commonly industry-centric, those in the EU focus more broadly on the individual's right to privacy regardless of industry. This leads to a number of differences in how firms handle employee and customer data in the EU as opposed to the US, especially when transferring data between countries of varying regulatory standards. This report is an update to the report of the same name published on September 16, 2011, as part of Forrester's commitment to keep our clients up to date on the rapid pace of privacy regulation reform and its impact on business. In this report, we address common data privacy questions and highlight upcoming changes in the regulations that have the most impact on firms operating on a global scale.


    • 1. What are the fundamental laws regulating privacy in the EU?
    • 2. What is the Article 29 Data Protection Working Party, and what is its relationship to the European Commission?
    • 3. What does EU "privacy adequacy" mean?
    • 4. Which countries are considered by the EU to provide an adequate level of data privacy protection?
    • 5. What is Safe Harbor, and what is the controversy surrounding it?
    • 6. What does Safe Harbor mean for an EU company that wants to do business with a US data processor and for a US company that wishes to handle EU personal data?
    • 7. Does the USA Freedom Act apply to the EU divisions of a US-based company?
    • 8. Are there any provisions that allow me to transfer EU personal data to a third country that has not been deemed as having an adequate level of privacy protection by the EU?
    • 9. What provisions are contained in the model clauses?
    • 10. What are BCRs, and how would I apply them?
    • 11. What is Germany's data protection law, how does it affect my business, and what are the differences between it and the EU Data Protection Directive?
    • 12. What are the new and pending privacy legislations in the EU, and how might they affect companies doing business in the EU?
    • 13. What is the European Council's view on privacy for mobile devices and apps?