What are the Foreign Intelligence Surveillance Act (FISA) and Cloud Act?

Foreign Intelligence Surveillance Act (FISA) and Cloud Act are U.S legislations obliging American cloud providers to provide upon request to U.S intelligence agencies and courts individuals' data that they store, control and manage in the United States or even remotely.

These transfers, that are conducted without individuals’ consent and controllers being informed, are considered an invasion of data subjects’ privacy as they can’t oppose them.

When dealing with cloud providers situated in the US, the European Court of Justice has ruled necessary for business owners to put in place complementary security measures to protect personal data (like anonymization or encryption).

To counteract these legislations personal data can also be stored in the European Union (or in an adequate country) by a cloud provider which is not American.

Definition

What's a data breach notification

A personal data breach is a breach of security resulting in the destruction, loss, alteration or unauthorized disclosure of personal data.According to Article 33 of the GDPR, as a processor, you must notify controllers of any personal data breach as soon as possible after becoming aware of it and offer your assistance to assess the impacts on data subjects’ lives.
Definition

What's the legal basis for a processing activity?

To process personal data a valid lawful basis is necessary. There are six available lawful bases for processing:Consent: The data subject has given clear and affirmative consent to the processing of their personal data for a specific purpose.Contract: The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
Compliance

Can I transfer data outside the European Union?

Location where data is stored is a paramount criteria for controllers. If servers hosting data are located in the European Union or in an adequate country, data transfers can be operated without additional safeguards as these countries’ legislations are protective enough of personal data and individuals’ rights.

Become GDPR compliant in minutes!

Privacyboard helps you comply with GDPR easily so you can focus on what's really important for your business.
Start for free
Privacyboard

Product

PricingAbout

Ressources

BlogSubprocessorsKnowledge CenterGlossarySupervisory AuthoritiesEmail Templates

Legal

Privacy PolicyCookie PolicySubprocessorsRight RequestsTerms
Made in  🇪🇺  with  ☕️