As a security incident responder, EU privacy law is always a barrier when dealing with a security incident involving a device or person in Europe. It sucks.
US Safe Harbor is a way to obtain that information legally: your organization, which is in the US, has to be certified (self-certified or by a third party) as following the US Safe Harbor Framework, which requires it to uphold the principles below.
Notice – Individuals must be informed that their data is being collected and about how it will be used.
Choice – Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
Security – Reasonable efforts must be made to prevent loss of collected information.
Data Integrity – Data must be relevant and reliable for the purpose it was collected for.
Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
Enforcement – There must be effective means of enforcing these rules.
However, it is not easy. Setting up a secure environment involves a lot of cost, and this is where many companies fail to recertify every year. As per galexia.com, only 348 organisations passed this compliance check to a good degree.
In today’s world, security is very important: you can take pride in it, and it boosts the confidence of your clients and, in turn, your bottom line.