Determann’s Field Guide to International Data Privacy Law Compliance

Lothar Determann

Companies, lawyers, privacy officers, developers, marketing and IT professionals face privacy issues more and more frequently. Much information is freely available, but it can be difficult to get a grasp on a problem quickly, without getting lost in details and advocacy. This is where Determann’s Field Guide to International Data Privacy Law Compliance comes into its own – helping to identify issues and provide concise practical guidance in an increasingly complex field shaped by rapid change in international laws, technology and society.

Chapter 4: Maintaining and Auditing Data Privacy Compliance Programs

Lothar Determann

Subjects: law - academic, information and media law, internet and technology law, law - professional, technology, media and telecommunications law


The maintenance challenge. Once you implement a data privacy compliance program, the work does not end. The maintenance phase begins. Some laws and programs require periodic actions. For example, the EU-US Safe Harbor Program requires companies to re-certify annually. Also, lawmakers around the world issue and revise laws constantly. Organizations transform in various ways, for example in mergers and acquisitions, spin-offs, reorganizations, relocations, international expansion, increased headcount and technology acquisitions. Also, employees in charge of privacy compliance may come and go. All of these changes have compliance implications.

Documentation. In order to assure efficient maintenance and continuity, you should consider preparing a brief outline of your program, a list and location of key documents and decision makers and a compilation of information on the scope of previous compliance assessments (e.g., jurisdictions, vendors and services covered). Based on such documentation, you can answer questions about the program, assess quickly whether organizational changes trigger a need to update or expand the program, document periodical reassessments, guide audits and train colleagues or successors with respect to the data privacy compliance program.

Taking over or auditing an existing compliance program. When you take over an existing compliance program (for example, in a new job) or when you audit a program (e.g., in the context of M&A due diligence), you could basically go through the same tasks as if you are implementing a new program and then ask for documentation or other confirmation that the requirements have been satisfied. Or you could ask more...
