Zivver achieves DCB0129 status for NHS Clinical Safety Risk Assesment
Recently the European Union Court of Justice ruled that the Privacy Shield is no longer valid, which sent shockwaves in the industry. The Privacy Shield, which many organizations utilized for transferring data from the EU to the US, was determined to not provide enough protection of personal data.
The court ruled that the domestic laws in the US didn’t facilitate the requirements of the EU when it comes to data protection. The main reason is that there are no sufficient safeguards to prevent American government institutions from getting access to European data if it was transferred to the US.
Privacy Shield is no longer valid
This decision may have come as a surprise to some but it was to be expected. The precursor of the Privacy Shield, ‘Safe Harbor’, was also ruled invalid by the European Court of Justice in 2015. The Privacy Shield that was setup to ‘replace’ Safe Harbor, to ensure that data transfers could continue, has been the subject of discussion amongst privacy experts ever since.
If the Privacy Shield is no longer valid, it’s significantly harder to guarantee a suitable level of protection of personal data and the data subject rights when data is transferred to the US. At this time it’s still unclear how this guarantee could be provided at all.
Zivver is still compliant due to our core: GDPR
Fortunately, this outcome has no impact on Zivver. From the moment Zivver was founded a core principle was to guarantee proper handling of the end-user data in our systems. The decision was made that the end-user data should only be stored and processed in the European Economic Area in which processing would automatically be subject to the General Data Protection Regulation (GDPR). This ensured that the end-user data would be handled properly, protected carefully and that data subject rights would be in place.
Of course, processing data within the EU should not be the only safeguard in place. Wherever personal data is stored, to comply with the GDPR and sufficiently protect people’s privacy, it’s necessary to further protect this data. For this purpose Zivver applied an advanced encryption technique that makes it impossible for our data processors to decrypt messages and attachments that are sent through Zivver. Please read our white paper on Privacy by Design for more information.
The above has been reviewed and confirmed by our external DPO of ICTRecht.
Our Promise: Privacy by Design
Are you curious how Zivver uses asymmetric encryption? How we deal with customer-friendly and secure management of encryption keys? And how our product makes use of privacy by design?