You may have heard the announcement on the 16th July surrounding the US privacy shield. If you didn’t, here is what happened. The European Court of Justice issued a judgement which invalidates the use of the US privacy shield as a way of exporting personal data from the EU to the US. Now that may sound a bit confusing, but basically what it means is that personal data transferred to a third country must have the same level of protection to that guaranteed within the EU by the GDPR.
Whilst there is no new guidance that specifies what to use instead of the Privacy Shield, only those who currently use it should continue. The Court also ruled that the transfer mechanism used to transfer data to countries worldwide is value. However, the methods of transferring data to the United States clearly needs reviewing.
So what does this mean for you? Here are some things you should be doing now:
- Keep an eye out for updated information from the European Data Protection Board and the European Commission (we will also be posting updates as they come in).
- Look at what data you are transferring outside of the EU (if any), and on what basis.
- Review whether you are currently using Privacy Shield as the only lawful basis.
- Determine whether any contractual agreements need amending following this judgement.
- Continue updating your data mapping and processing as we receive more news.
- Keep your Privacy Policies up to date every time you amend your data mapping.
Keep an eye on our website and social media channels for any update on this news. If you would like any further clarity please contact us and our team will be more than happy to assist.