Expert Advice Community

Document Set

Guest user Created:   Feb 22, 2022 Last commented:   Feb 25, 2022

American company going to do business with European clients to maintain health data on their patients. Will be hosting in AWS cloud. Is your standard set of templates inclusive of all I need? Does data have to be hosted in a European cloud site?

Expert
Tudor Galos Feb 25, 2022

The Advisera GDPR toolkit includes all the necessary documents needed for you to complete your GDPR-compliance journey. Since you are processing special categories of personal data (health data), I recommend performing a Data Protection Impact Assessment, per Article 35. As part of the Advisera GDPR Toolkit, there is a DPIA Methodology document that can help you. Also, you need to consider informing the data subjects affected by these transfers. As part of the GDPR Toolkit, there are templates for Privacy Notices.

As an American company, you need to check whether you are subject to FISA 702 US Regulation. If yes, you need to take additional measures in order to protect EU data, according to Chapter V in GDPR - TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS. The best transfer mechanism to use in this case is the EU Standard Contractual Clauses, per Article 46 – Transfers subject to appropriate safeguards, but you need to take additional measures such as encryption of data at rest and in transit, with a key stored on a server in the EU.

The risks would be clearly reduced if you have full storage of data on EU servers managed by an EU organization.

Please also consult these resources:

Tudor Galos