Blackbaud is one of the first organisations to certify to the US Department of Commerce that it adheres to the new EU-US Privacy Shield principles. These replace the Safe Harbor mechanism which for years many UK companies, including charities, had relied on legally to use the data processing services of US organisations and digital platforms.
Safe Harbor was struck down in October 2015 by the European Court of Justice following a legal challenge.
The Privacy Shield bridges the gap between U.S. privacy laws and those of the EU, and permits the unfettered flow of data from European countries to companies in the U.S. that certify their compliance with the Privacy Shield.
The European Commission adopted the Privacy Shield because EU law prohibits the transfer of data belonging to EU residents to other countries whose laws may not protect personal information as stringently as in the EU.
Now certified, Blackbaud can lawfully receive and process data from European customers and donors. Specifically the company’s participation in the Privacy Shield applies to all personal data that is subject to the Privacy Shield Principles and is received from the European Union, European Economic Area, and Switzerland.
The new framework requires all US companies to safeguard data better, provide clear notices, limit their collection and use of data, and give EU data subjects certain rights to access and correct their data.
Jon Olson, senior vice president and general counsel, said:
“Adhering to the principles of the EU-U.S. Privacy Shield aligns with our values and our pledge to our customers to always hold the protection of their data as paramount. The new robust framework provides clarity for global businesses like ours and peace of mind for our customers that their data is safe.”