Expert Advice Community

Guest

Privacy Shield being invalidated

  Quote
Guest
Guest user Created:   Aug 24, 2020 Last commented:   Aug 26, 2020

Privacy Shield being invalidated

Hi there - I'm *** from ***, a US-based company that acts as a data processor. We used your excellent GDPR toolkit to be compliant when GDPR first came out (May 2018). Recently, as I'm sure you know, Privacy Shield was invalidated. What advice can you provide on how to retain GDPR compliance going forward?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Aug 26, 2020

Since the European Court of Justice “invalidated” the Privacy Shield, data cannot be transferred on the ground of the previous adequacy decision made by the EU Commission. This means that now data transfers must have another legal ground like the Standard Contractual Clauses (SCC) or the Binding Corporate Rules (BCR).

The European Data Protection Board (EDPB) issued a FAQ on the implication on GDPR compliance of the ECJ solution and stated that the data controller must take additional measure to ensure the same level of protection of personal data assured by GDPR: https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en

The main issue is that the US data controllers are forced to comply with US law which prevails over Standard Contractual Clause. The EDPB concluded stating that the data controller should consider storing or processing data elsewhere than the US.

You can process personal data outside of the U.S. if you use cloud providers which have servers in the European Union - all the major providers like Amazon AWS, Google Cloud, Microsoft Azure, and others have that option. 

You can find more information about data transfer here:3 steps for data transfers according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/3-steps-for-data-transfers-according-to-gdpr/

You can consider enrolling in our free EU GDPR Foundations CourseEU GDPR Foundations Course https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 24, 2020

Aug 26, 2020

Suggested Topics

Guest user Created:   Nov 22, 2017 EU GDPR
Replies: 1
0 0

Privacy Framework

Guest user Created:   May 09, 2022 EU GDPR
Replies: 1
0 0

Question about privacy notification