The Court of Justice for the EU issued a ruling that invalidates the primary data transfer agreement between the EU and the U.S. The ruling will have immediate and complex implications for data sharing between the EU and U.S. as the Privacy Shield can no longer be used by organizations to transfer personal data across the Atlantic.
Alan Brill, Senior Managing Director, and Yvette Gabrielian, Senior Director, in the Cyber Risk practice of Kroll, a division of Duff & Phelps, articulate how companies that relied on the Privacy Shield can move forward and remain compliant with EU law in a Law360 article. They highlight that until a new U.S.- EU agreement is reached, organizations must also utilize the Standard Contractual Clauses (SCCs) to comply with the EU law or face sanctions. Alan and Yvette additionally share best practices as part of a series of eight practical questions to help professionals assess and shape their ongoing business processes to fit this latest ruling.
Subscribers of Law360 can access the full article here.