We update with new features. In case of any disruptions, you can refresh the page with CTRL+F5. For more information, contact support.
Contact us Log in
How should we deal with the invalidation of the Privacy Shield?

How should we deal with the invalidation of the Privacy Shield?

Since the Privacy Shield was annulled by the European Court of Justice on 16 July 2020, there is uncertainty in the market about the implications of this.

Many organisations need to be able to transfer personal data to the US, for example if a subcontractor or partner is located there. The rules for transferring personal data to third countries are very strict under the GDPR. Transit can only take place if the EU has agreed that the recipient destination meets the same or better level of protection as the EU, or that standard contractual clauses can be invoked. The legality of such a transfer based on standard contractual clauses requires an assessment of the legal system of the country to which the personal data is transferred. That is, whether, for example, the standard contractual clauses provide sufficient protection for the personal data of the data subjects. This is something that few, if any, companies and organisations in the world are in a position to assess. We now recommend that anyone transferring personal data to the US under the Privacy Shield takes steps to ensure compliance with the GDPR.

Ask yourself the following questions:

  • Do we have data flows to US-owned cloud services that contain personal data?
  • Can we verify with our suppliers that our data is stored correctly once the Privacy Shield is invalidated? Please also check subcontractors.
  • Should we review our privacy policies and remove references to the Privacy Shield?
  • Will this affect our data processing agreements? Ensure that transfers to the US are not made based on the Privacy Shield.
  • Ensure that your GDPR registers containing references to the Privacy Shield are updated. These are required by the GDPR to be kept up to date.
  • Are we clear on how to respond to our customers, students, partners, etc. who have questions about the invalidation of the Privacy Shield?

We at Storegate offer 30 min free consultation. We are more than happy to talk about how you can use Storegate's services to comply with the GDPR and properly manage the Privacy Shield invalidation.

Email info@storegate.com to book your meeting.

Tobbe      Julius

Similar articles