Privacy and Data Protection
Questions and Answers for NAVEX Global Customers:
European Court of Justice’s Decision and Impact to the U.S.-EU and U.S. Swiss Safe Harbor Frameworks
NAVEX Global works with you to protect your people, reputation and bottom line. As part of that commitment, we understand that recent decisions by the European Union Court of Justice have raised questions for our customers. Please read below for information on how we can help ensure that transfers of personal data from the European Union (EU) and Switzerland to the U.S. can occur in line with EU and Swiss data protection laws.
Q: What has happened to the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks?
A: On 6 October 2015, the European Union Court of Justice (CJEU) declared the U.S.-EU Safe Harbor program invalid resulting in transfers of personal data from the EU to the U.S. being deemed a violation of EU data protection laws where Safe Harbor was relied upon as the basis for such transfer.
On 22 October 2015, the Swiss data protection regulator declared the U.S.-Swiss Safe Harbor program also invalid based upon the CJEU’s ruling.
Q: What are the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks?
A: The U.S.-EU Safe Harbor Framework was developed and agreed to by the European Commission and the U.S. Department of Commerce in 2000 and the U.S.-Swiss Safe Harbor Framework was developed and agreed to by the Federal Data Protection and Information Commissioner of Switzerland in 2009. Each of these Frameworks enabled U.S. organizations certified under the programs to legitimately receive personal data from the EU and/or Switzerland.
More information about the programs may be found on the U.S. Department of Commerce’s website at: http://www.export.gov/safeharbor/.
Q: How did the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks apply to NAVEX Global products and services?
A: Any transfer of personal data (any information that can identify an individual) from the EU and/or Switzerland to the U.S. is affected by this ruling. Given that all NAVEX Global products and services collect personal data, and the data is transferred—or may be transferred—to the U.S., all products and services are affected by this ruling.
Q: What does this mean for my company using NAVEX Global products and services?
A: To ensure that transfers of personal data from the EU and Switzerland to the U.S. can occur in line with EU and Swiss data protection laws, we are offering our customers a data processing addendum that incorporates the European Commission’s standard contractual clauses (sometimes referred to as model clauses). These Standard Contractual Clauses will apply in situations where an alternate legitimate basis for transfer of personal data from the EU or Switzerland to the U.S. does not exist.
Q: What are the European Commission standard contractual clauses?
A: The Standard Contractual Clauses are a set of contract terms created by the European Commission to legitimize the transfer of personal data from Europe, where another legal means for the transfer does not already exist.
Q: How does my company incorporate Standard Contractual Clauses into my NAVEX Global contract?
A: You should complete, sign and return the data processing addendum to email@example.com. The data processing addendum, by its terms, will be incorporated into your existing agreement with NAVEX Global.
Q: What should I do if I have additional questions?
A: Please contact your sales account manager or our client support team (as noted below) and they will be happy to assist you.
Phone: U.S.: 1-866-297-0224, option 2
EU: +44 (0)208 939 1650
Email (by product):
Online Training—U.S.: firstname.lastname@example.org
Online Training—EU: email@example.com
The Network, a NAVEX Global company:
Phone: 1.800.253-0453. Choose option 4 for support.
Email: firstname.lastname@example.org (all products)