For Security & Risk Professionals

Q&A: EU Privacy Regulations

S&R Pros Must Help Their Leaders Embrace Privacy Before Massive Changes To EU Law Take Effect

June 14, 2015


Why Read This Report

As a consequence of increasing global commerce, security and risk (S&R) professionals face the complexity of navigating data privacy regulations from around the world. Forrester clients frequently ask about European Union (EU) privacy regulations. While data protection requirements in the US are commonly industry-centric, those in the EU focus more broadly on the individual's right to privacy regardless of industry. This leads to a number of differences in how firms handle employee and customer data in the EU as opposed to the US, especially when transferring data between countries of varying regulatory standards. This report is an update to the report of the same name published on September 16, 2011 as part of Forrester's commitment to keep our clients up to date on the rapid pace of privacy regulation reform and its impact on business. In this report, we address common data privacy questions and highlight upcoming changes in the regulations that have the most impact on firms operating on a global scale.


Table of Contents

  • What are the fundamental laws regulating privacy in the EU?
  • What is the Article 29 Data Protection Working Party, and what is its relationship to the European Commission?
  • What does EU "privacy adequacy" mean?
  • Which countries are considered by the EU to provide an adequate level of data privacy protection?
  • What is Safe Harbor, and what is the controversy surrounding it?
  • What does Safe Harbor mean for an EU company that wants to do business with a US data processor and for a US company that wishes to handle EU personal data?
  • Does the USA Freedom Act apply to the EU divisions of a US-based company?
  • Are there any provisions that allow me to transfer EU personal data to a third country that has not been deemed as having an adequate level of privacy protection by the EU?
  • What provisions are contained in the model clauses?
  • What are BCRs, and how would I apply them?
  • What is Germany's data protection law, how does it affect my business, and what are the differences between it and the EU Data Protection Directive?
  • What are the new and pending privacy legislations in the EU, and how might they affect companies doing business in the EU?
  • What is the European Council's view on privacy for mobile devices and apps?
