Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

The Schrems Decision and Compliance

Tom Fox | October 27, 2015

While most commentators have focused on the Schrems decision around the lack of U.S. data privacy protection from government or company intrusion, for the compliance function, the decision raises serious issues on two significant areas of any best practices compliance program—hotlines and internal investigations. 

Anonymous hotlines have long been problematic in the European Union, because of privacy concerns and concerns around anonymous claims of illegal conduct. Such concerns were generally satisfied via a certification that the U.S. company had met the requirements of the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland. This Safe Harbor provision, however, is no longer legal, and information developed through a hotline can no longer be brought to the United States from a country that...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.