GDRP - Transfer to the US
Assign topic to the user
1. If an EU affiliate brings in a new hire and takes down their personal data, and it gets stored on my company’s global HR platform or on hard drives or serves in the US, is that a cross border transfer?
2. Does the fact that it is a US company holding the data make a difference? In other words, has the Commission decided that the US ensures an adequate level of protection?
3. And most importantly, what agreements or series of agreements should I have in place for a US company with EU affiliates?
Answers:
1. Yes it does, the fact that the HR platform is hosted in the US is consistent with a cross border transfer of personal data.
2. The EU Commissions has not issued a adequacy decision for the US. So, the answer would be no. However there is Privacy Shield which was developed by the EU and US provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. So if the US subsidiary is certified according to Privacy Shield the transfer is permitted.
3. You can chose to rely on Privacy Shield as a safeguard for the transfer or you can have a Intragroup Data Transfer Agreement based on Standard Contractual Clauses between the EU to and US entity.
To find out more about cross border data transfers check out our webinar “ How to make personal data transfers to other countries compliant with GDPR” https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
Comment as guest or Sign in
May 17, 2018