DPOs Encouraged to Act Now on Invalid Privacy Shield

Businesses should prepare for the post Privacy Shield era now, and get binding corporate rules (BCR) and standard contractual clauses (SCC) in place for their own data protection.

Speaking on a conference call after the earlier decision around Privacy Shield being declared invalid, Cordery partners Andre Bywater and Jonathan Armstrong called the announcement “among the most eagerly awaited” in the field of data protection.

Bywater advised listeners that it is worth them doing some due diligence “to see who they are sending data to so they are fully protected.” He said he had not expected Privacy Shield to be invalidated, and it has been declared invalid due to concerns around US domestic law and the access and use of European residents’ data.

With it appearing unlikely that there will be any type of grace period, he recommended putting in SCCs where there is an issue. An SCC is an obligation imposed on both the exporter and the importer of data between the EU and third countries to ensure that data transfer arrangements protect the rights and freedoms of data subjects.

Armstrong said it may be the case that SCCs are “probably the only game in town for people” and depending on national challenges, we “could end up with the nightmare where some authorities accept SCCs and some do not.”

Armstrong explained that he does not expect a new and improved version of the Privacy Shield, and while there are more groups that h ..

Support the originator by clicking the read the rest link below.