The Court of Justice for the EU issued a ruling that invalidates the primary data transfer agreement between the EU and the U.S. The ruling will have immediate and complex implications for data sharing between the EU and U.S. as the Privacy Shield can no longer be used by organizations to transfer personal data across the Atlantic.
Alan Brill, Senior Managing Director, and Yvette Gabrielian, Senior Director, in the Cyber Risk practice of Kroll, a division of Duff & Phelps, articulate how companies that relied on the Privacy Shield can move forward and remain compliant with EU law in a Law360 article. They highlight that until a new U.S.- EU agreement is reached, organizations must also utilize the Standard Contractual Clauses (SCCs) to comply with the EU law or face sanctions. Alan and Yvette additionally share best practices as part of a series of eight practical questions to help professionals assess and shape their ongoing business processes to fit this latest ruling.
Subscribers of Law360 can access the full article here.
Stay Ahead with Kroll
Cyber and Data Resilience
Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident response, regulatory compliance, financial crime and due diligence engagements to make our clients more cyber resilient.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.