On July 9th, the the Court of Justice of the European Union (CJEU) invalidated Privacy Shield, the EU-US agreement that allows unrestricted transfers of personal data from the EU into the US. Now, companies that used the Privacy Shield as a valid transfer mechanism must rapidly respond to find a new compliance mechanism that fits their business.
Impact: Companies that relied on the Privacy Shield for lawful GDPR data transfers can no longer legally transfer or process such data. To do so, is a GDPR violation. Questions you'll need to answer include: 1. Must I immediately stop the flow of data from EU to my US business/operations? 2. Can I keep and still process the data transferred to my company under the Privacy Shield? 3. Do I still have obligations under the Privacy Shield? 4. What other mechanism for transfer can I use? And, related, what are the implications of putting it in place and are there any operational changes I need to make? Of course, these questions are just the starting point for aligning your business to comply with the GDPR post-Privacy Shield. Where you go next depends on the answers and your current business structure. Expedite your post-Privacy Shield solution to GDPR compliance. We know that time loss for any business can result in customer and revenue loss. We also understand that the urgency to address this change varies for each business. Whether the decision put your business into a crisis management mode or your need is less urgent, we can help you answer these questions and bring your organization into compliance quickly. |
AuthorJenn Suarez, CEO Archives
October 2021
Categories |