While the internet has provided million of business and interaction avenues, it has also provided avenues for data misuse by third parties through identity theft, fraud and phishing scams. As such, key information commonly stored by businesses, organizations and even governments including loyalty schemes, customer details, data collection, transactions and employee information, just to name a few, needs to be protected. To ensure this is adhered to, various rules and regulations have been set across the globe such as GDPR and Privacy Shield. While they have the same motive, which entails the protection of data, they have differences. 

What is GDPR?

Short for General Data Protection Regulation, this is a data protection framework that aims to unify data protection laws in Europe and protect European Union citizens from data abuse and misuse. Approved in April 2016 and enforced in May 2018, the provisions in this framework require businesses in the United States that collect or use EU data or have offices in Europe to comply with the GDPR guidelines.  

The GDPR is mandatory for every organization and applies to EU citizens as well as non-EU citizens who live in the EU. As such, it is actionable in the court of law and carries legal sanctions and fines if ignored, with the highest fine being 20,000,000 euros or an organization’s 4% global turnover, whichever is the lowest. 

In terms of human resource data, the European Commission involved in GDPR treats any information regarding an employee as personal data and is hence protected.  

What is Privacy Shield?

This is an agreement between the EU and the U.S that enables U.S companies to transfer personal data to and from EU countries and to satisfy GDPR requirements. It is an optional self-certification program and works under the dual control of the Department of Commerce and the Federal Trade Commission. The FTC is however mandated with the task of enforcing and monitoring compliance. 

In terms of legal representation, it is reviewed annually by both parties through representatives whereby both sides review the agreements and suggest changes to bring the GDPR and Privacy Shield together. 

There is, however, an area of contention in that the US Department of Commerce considers the transfer of employee data as the transfer of commercial data as opposed to personal data. Although failure to comply with the US Privacy Shield attracts sanctions and fines, they are less onerous. Among the types of sanctions include suspensions, fines of up to $40,000 per day in selected cases, injunctive awards, issuance of a cease and desist order and forceful payment compensation to affected people. 

Among aspects of the Privacy Shield include: 

• The use of personal data for specified purposes only
• Redress and protection are available to EU citizens 
• Reviewed jointly by the EU and the US

Similarities between GDPR and Privacy Shield

• Both aim at facilitating a data protection program that enables organizations to carry out business transactions with minimal disruptions 
• Both aim at protecting an individual’s data 

Differences between GDPR and Privacy Shield

Definition

GDPR refers to a data protection framework that aims to unify data protection laws in Europe and protect European Union citizens from data abuse and misuse. On the other hand, Privacy Shield refers to an agreement between the EU and the U.S that enables U.S companies to transfer personal data to and from EU countries and to satisfy GDPR requirements.

Enforcement

While the GDPR is enforced by the Court of Justice of the European Union, the Privacy Shield is enforced by the Department of Commerce and the Federal Trade Commission. 

Legality

The GDPR is mandatory for every organization dealing with both EU citizens and non-citizens. On the other hand, the Privacy Shield is an optional self-certification program. 

Treatment of human resource data

The European Commission involved in GDPR treats any information regarding an employee as personal data and is hence protected. On the other hand, the US Department of Commerce considers the transfer of employee data as a transfer of commercial data as opposed to personal data.

Scope

While the GDPR is applies to all organizations worldwide that process EU resident’s data, the Privacy Shield applies to organizations based in the US. 

Sanctions

The GDPR has strict sanctions. On the other hand, the sanctions and fines in Privacy Shield are lenient. 

GDPR vs. Privacy Shield: Comparison Table

Summary of GDPR vs. Privacy Shield

GDPR refers to a data protection framework that aims to unify data protection laws in Europe and protect European Union citizens from data abuse and misuse. It is enforced by the Court of Justice of the European Union and is mandatory to every organization dealing with both EU citizens and non-citizens. 

On the other hand, Privacy Shield refers to an agreement between the EU and the U.S that enables U.S companies to transfer personal data to and from EU countries and to satisfy GDPR requirements. It is enforced by the Department of Commerce and the Federal Trade Commission and is a self- certification program. Despite the differences, the two work together by helping organizations in the transfer of EU personal from the EU to the US.  

Sharing is caring!