Companies with offices and customers in some or all of the 25 EU countries need to think about whether or not they will pursue complying with Safe Harbor requirements (if they are eligible), create master contracts with each country for safeguarding and handling personal information, or do a combination of both. There are many factors to consider, including such things as how many countries the organization is in, how much and what types of personal information is collected and processed, as well as the jurisdictional issues in the event an organization goes to court for noncompliance.
What is your organization doing if you have EU presence and/or customers? Are you participating in, or pursuing, Safe Harbor? Using master contracts? Doing a combination? Please share your experiences and insights.