Recommendations regarding EU-US Privacy Shield
What recommendations would you suggest for a small/medium-sized business in light of the recent decision by the ECJ regarding the EU-US Privacy Shield?
The recent decision of the European Court of Justice (ECJ) has a huge impact on data transfer between the US and the EU. You cannot transfer data based on the decision of adequacy of the US Privacy Shield. Therefore, you need to find another legal ground for data transfer. Standard Contractual Clauses can be a solution.
The European Data Protection Board (EDPB) issued a FAQ on the implications of the ECJ decision for GDPR compliance and stated that the data controller must take additional measures to ensure the same level of protection of personal data assured by GDPR: https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en
The main issue is that US data controllers are forced to comply with US law, which prevails over Standard Contractual Clauses and Binding Corporate Rules (which are a solution for large companies and in some cases medium-sized companies).
The EDPB concluded by stating that the data controller should consider storing or processing data elsewhere than the US.
You can find more information about data transfer here:
- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
You can consider enrolling in our free EU GDPR Foundations Course:
- EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Aug 04, 2020