CareersContact

Looking for something?

Back to news and insights
Article

The Geopolitics of Data Transfer: What do companies need to consider when managing conflicts of law in a global investigation?

July 17, 2018
HomeNews and insightsThe Geopolitics of Data Transfer: What do companies need to consider when managing conflicts of law in a global investigation?

Business is internationalizing with substantial vigour, unfortunately, in many regions such as Africa and the Middle East data protection is trailing considerably.

Safe Harbor framework was created to establish a mechanism for which data could be freely transferred between the EU and the US. A rapidly internationalizing business world brought to light the inconsistency of data privacy safeguards amongst EU member states. These inconsistencies are cause for unrest for businesses. Hence General Data Protection Regulation (GDPR) was born to ensure constancy with regard to data protection. GDPR also has a wider scope than the previous directive with areas being expanded such as: territorial reach beyond the EU, equal ease for both withdrawal and granting of consent, risk awareness regarding international transfers, breach notification and more substantial penalties and fines.

After a review by the European Court of Justice, regarding the adequacy of the US-EU Safe Harbor Framework, Safe Harbor was invalidated in October 2015. The result of the invalidation was the creation of the EU-US and Swiss-US Privacy Shield which would provide greater accountability and oversight of data protection. Although the European Commission noted room for improvement the shield should provide adequate standards in line with GDPR.

Whilst data protection standards across the EU are high, with GDPR coming into full force as of 25 May, Israel remains the only Middle Eastern or African country with data protection to a sufficient standard from the perspective of the EU. Saudi Arabia has announced vision 2030 in which they want to increase non-oil exports from 16% to 50% by attracting finance companies and investment, although, doing so would require substantial developments in their data protection policies.

The inconsistency across EMEA and the US creates serious complications and uncertainty for firms operating in multiple jurisdictions. Weng Yee Ng and Jimmy Ko outline a few considerations when doing so, these are: Data mapping- such as origin and where it resides, risk management in relation to collection and preservation of data, training personnel on data privacy regulation and transfer protocol, transfer strategy and finally expert advice on privacy and transfer.

Read the full article in GIR's European, Middle Eastern and African Investigations Review 2018.

No items found.
Authors

Weng Yee Ng

Partner
Associée
,
London
Related expertise
Data & Technology
Forensic Technology
eDiscovery, eDisclosure and Digital Forensics
Get in touch
Related Experts
Related case studies
Related News and insights
Stewart Coombs

Stewart Coombs

Director
London
More info
Shivam Patel

Shivam Patel

Senior Associate
Dubai
More info
Joanna Fraser

Joanna Fraser

Senior Associate
London
More info
Grégoire Pettier

Grégoire Pettier

Manager
Paris
More info

Cryptocurrency Exchange Collapse Due to Fraud

Find out more

Cryptocurrency Exchange Collusion

Find out more
Article

Ofcom’s Online Safety Act multiplies companies’ penalty risk exposure

June 10, 2025
Article

What makes a robust fraud risk assessment

June 10, 2025
News

FRA Leadership Recognized in Lexology Index Investigations Guide 2025

June 3, 2025
Article

AI in investigations: mitigating risks related to accuracy, transparency and accountability

June 3, 2025

Contact Us

To request further information about our services and industry experience or to have an FRA Partner contact you directly, please complete the contact form or send us an email.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Article
Article
Data & Technology
Forensic Technology
eDiscovery, eDisclosure and Digital Forensics