Page 288 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
following criteria:
Consent
Contract
Legal obligation
Vital interest of the data subject
Balance between the interests of the data holder and the interests of the data subject
The directive also outlines key rights of individuals about whom data
is held and/or processed:
Right to access the data
Right to know the data’s source
Right to correct inaccurate data
Right to withhold consent to process data in some situations
Right of legal action should these rights be violated
Even organizations based outside Europe must consider the
applicability of these rules due to transborder data flow requirements.
In cases where personal information about European Union citizens
leaves the EU, those sending the data must ensure that it remains
protected. American companies doing business in Europe can obtain
protection under the Privacy Shield agreement between the EU and
the United States that allows the Department of Commerce and the
Federal Trade Commission (FTC) to certify businesses that comply
with regulations and offer them “safe harbor” from prosecution.

You may have heard that the safe harbor agreement
between the United States and the European Union was declared
invalid by the European Court of Justice in October 2015. This is
true and left companies using safe harbor in legal limbo for nine
months. The Privacy Shield agreement replaces the invalidated
safe harbor agreement and was approved by the European
Commission in July 2016.

