Fieldfisher has today published a report titled "Managing Global Data Residency Risk" , which takes an in-depth look at the issues surrounding Data Residency Rules and the available legal solutions that enable international exports of data. The launch of the report coincides with the start of the International Association of Privacy Professional's Annual Summit in Washington, DC.
In an increasingly data-hungry and interconnected world, data protection issues continue to take on greater importance and it is against this backdrop that the report has been produced. Data Residency Rules are national laws which prohibit organisations from transferring personal data outside of their country or region unless certain legal standards are met. Against this backdrop, the solutions available to international businesses for their international movements of data, particularly under the US-EU safe harbor framework, are increasingly coming under strain.
Fieldfisher's report compiles research by privacy specialists on 47 key territories worldwide, identifying which of them have data residency rules, the most common legal grounds for transferring personal data abroad, and the potential penalties for non-compliant companies. Fieldfisher's report reveals that 94% of the countries analysed have in place restrictions against moving personal data outside of the region, with 89% having local regulators capable of imposing sanctions for failure to comply with data residency rules.
The report also explores in detail whether the adoption of Binding Corporate Rules (BCR) enable businesses to overcome these data export constrictions. BCR, a set of binding internal policies and procedures that an organisation agrees in order to allow the intra-group transfer of personal data in compliance with data protection law, are gaining popularity in both EU and non-EU jurisdictions across the globe.
The cross-border transfer of personal data is coming under ever more scrutiny from regulators, the press, and individual citizens; it is incumbent on organisations to carefully consider how to manage their international data exports. This report is intended to be updated and expanded in years to come, serving as a valuable resource for companies grappling with the issues it explores.
Phil Lee, Head of US Office and Partner, Privacy and Information Law, said:
"The trend is clear – the adoption of data privacy laws is accelerating worldwide; and, with that, so too will the adoption of data residency rules. More than ever, global businesses need to ensure they have in place a sound strategy for ensuring their data export compliance. Our report shows that BCRS are gaining increasing international acceptance as a robust compliance framework for worldwide movements of data."
The Privacy and Information Law group team at Fieldfisher comprises 18 dedicated privacy and information lawyers across Europe and the US.