Data Protection Law Made Easy
Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accom-paniment from the very start.
Tobias Höllwarth says: “Unfortunately, here in Europe it is not only our many different lan-guages that make things difficult for us: Cloud service providers and users alike are faced with major obstacles in regard to data protection, causing us to suffer massive and unac-ceptable competitive disadvantages in comparison with, for example, the USA.”
A vastly simplified approach has now been presented by Dr Tobias Höllwarth (EuroCloud) together with more than 40 legal from all over Europe. The website cloudprivacycheck.eu hosts the Cloud Privacy Check (CPC), a visual-design infographic explaining the principles of data protection regulations in 26 languages, allowing information seekers to quickly deter-mine key aspects.
The Cloud Privacy Check (CPC) is intended to simplify certain decisions and processes for most affected persons. Additionally, the Data Protection Compliance database provides highly relevant legal information for 32 countries that can easily be compared with each other.
Tobias Höllwarth (EuroCloud) says: “This is a European project. With the CPC portal, we have created the largest European information platform explaining data protection laws in the simplest possible terms and free of charge, making 32 different national regulations directly comparable. This allows companies to save thousands of Euros.”
Link CPC: cloudprivacycheck.eu
Dr. Tobias Höllwarth
CPC Infographic: www.dropbox.com/s/ixx138ntvbe605d/CPC%20Infografik%20deutsch.pdf;
Sample Country Report: www.dropbox.com/s/b9yg77unkp4lofd/AT_CPC-CountryReport.pdf;
Mockup Images: www.dropbox.com/sh/ikpal1y7let6xn6/AADIpXaYVeTuxVVS_LLvG7ATa;
Question: What is the added value of the Cloud Privacy Checks?
Höllwarth: The Cloud Privacy Check provides cloud service customers with an initial over-view of how to proceed. While the CPC cannot replace detailed examination together with a legal specialist, it lays out the fundamental legal framework, thereby saving time and costs for legal consultation.
Question: What does the first step of evaluation under the CPC look like, for example?
Höllwarth: In the first step of the CPC, we determine whether the examined service actually deals with personal data. If the answer is yes, the second step of the Cloud Privacy Check is performed. In this step, we check whether a third party processes or has access to personal data. This depends on the technical arrangement of the service, and a so-called transition point can be defined.
Question: Are there differences between national regulations?
Höllwarth: There are certain differences and peculiarities in almost every country, and being aware of them is precisely the point of our service. That is why we created the Data Privacy Compliance Reports, country reports that all share a common structure and juristic language. The small but significant differences I have mentioned are marked in orange in these documents.
Question: How do you plan to proceed with this approach?
Höllwarth: We have now established an international network of legal offices in more than 30 countries, and the CPC is available in 26 languages at no cost. Our information portal is designed to help people understand and apply data protection laws easily and quickly and to compare them between countries. We want the CPC portal to become the most important source of information on data protection issues. We will integrate the new European Data Protection Regulation, answer the most common questions asked by companies, and contin-ue to inform about the most important topics comprehensibly and free of charge.
Question: Is the CPC suitable also for larger customers with own legal departments?
Höllwarth: Yes. It should be noted, though, that the use of the CPC should be well coordinated with the internal legal department. It should not be forgotten that the CPC cannot replace a full legal assessment. Performing such analysis is in the responsibility of the internal legal department. They usually best know the challenges faced by their company. If the CPC is discussed early with the internal legal department it can, however, help to find a common lan-guage for data protection issues within the company.