Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
LIECHTENSTEIN SUPERVISORY AUTHORITY: additional measures in order to guarantee an equal level of personal data protection.

LIECHTENSTEIN SUPERVISORY AUTHORITY: additional measures in order to guarantee an equal level of personal data protection.

Like it has been communicated by the Office for Personal Data Protection in the newsletter of the 17th July 2020, the agreement on data EU-US Privacy Shield, between European Union and the USA (adequacy decision of the European Commission) has been declared unvalid (Judgement CGUE C-311/18)

Anyway, the European Court of Justice has also clarified that in its judgement personal data can be shared to USA and in other countries based on other adequate guarantees according to the Article 46 and the following GDPR, in particular based on the contractual standard clauses on personal data protection, provided that the data exporter after its own assessment reaches the conclusion that data of data subjects in the third countries have a level of protection that is the same as in the European Union. 

Not only are the rights of people affected and the guarantees of legal protections which must be assessed, but also, for example, the access options by the Supervision Authority which exceed than what is permitted in Europe. If it does not guarantee an equal level of protection of personal data. 

The European Data Protection Board (EDPB) has published a recommendation about, which is open till the 21st of December 2020. (The office will inform you as soon as the final version of the document will be available). The document describes a procedure with 6 steps in order to support the data exporter in clarifying additional measures to legal instruments or adequate measures for data transfers to third countries (graphic). 

In the annex 2 of the document there are specific examples of applications, based on which are listed eventual additional protection measures. The measures can be divided into:

  • technical measures
  • contractual measures
  • organizative measures

Is part of the data exporter projects the additional measures implemented in a way that, in addition to the guarantee according to the Article 46 of the GDPR, can be ensured also the data transmission in compliance with the GDPR. 

If, despite a careful assessment of possible additional measures, the data exporter does not reach to a conclusion that it can be guaranteed an equal level of protection in the third country, the transfer of data must be interrupted or neglected. 

The Office of Personal Data Protection underlines that in this actual juridical situation, the use of many USA applications must be considered in a critical way. With the expiry of the EU-US privacy shield, not only has the most frequently used legal basis for the associated data transfer to the US disappeared, but it is currently not possible to achieve an equivalent level of data protection in most cases with additional measures.

Updating of standard data protection clauses

In parallel, the European Commission is currently reviewing the standard contractual clauses pursuant to Article 46 paragraph 2 letter c GDPR. The draft document is already available on the European Commission’s website. The final version should be available in spring 2021.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI LIECHTENSTEIN

Recommended to you

Advanced Research