Blog

Google has agreed to major privacy improvements for its Google Workspace for Education services for schools and universities in the Netherlands. After intense negotiations with representatives of the schools and higher education institutions in the Netherlands, Google has agreed to mitigate the high data protection resulting from the use of Google Workspace for Education. These risks were identified in a DPIA conducted by Privacy Company for two universities.

When publishing the new Standard Contractual Clauses the European Commission (hereafter: Commission) did something remarkable. The Standard Contractual Clauses (SCCs) are meant to enable the transfer of personal data from the European Union (EU), Norway, Iceland, and Liechtenstein (European Economic Area, EEA), to a country outside the EEA that does not guarantee an adequate level of protection to the data. By agreeing on additional safeguards, the exporter and importer can still process the data safely in the recipient country. The Commission has now unexpectedly changed the definition of international transfers. It is no longer the case that every transfer of personal data to a system outside the EU/EEA is qualified as an international transfer. Rather, a transfer only qualifies as an international transfer if the personal data will no longer be directly protected by the GDPR in the recipient (third) country. The Commission states that organisations may only use the SCCs if the GDPR does not already apply to the importer in the third country anyway.

The Dutch Ministry of Justice and Security has issued a European tender for the performance of Data Protection Impact Assessments (DPIAs) on software and cloud services. We are proud to announce that the tender has been awarded to Privacy Company!

In strong partnership with the renowned law firm BDV Legal, Privacy Company Croatia will from now on deliver the practical and qualitive services our customers appreciate so much. From the Zagreb office, we are able to assist clients in the neighbouring countries of Slovenia, Serbia, Montenegro, and Bosnia and Herzegovina, thus bringing broader presence to the region. For Privacy Company, this step marks an important moment in its approach to become a leading European provider of privacy services.