Risk Evolves Logo Need help now?

Privacy Shield

HomeInformation SecurityCyber SecurityPrivacy Shield

Do you transfer data to the US? [Privacy Shield alert]

Each year, vast amounts of personal data is transferred between the EU and the US. The European Court of Justice (CJEU) has decided that one of the legal mechanisms that enables this – Privacy Shield – is now illegal.

The ramifications are huge. The Information Commissioner’s Office (ICO) recognises that ‘international data transfers, that are so vital for the global economy, suddenly become open to question’ as a result.

 

Why has it been made illegal?

In summary, the laws in the US mean that the Government there can step in at any time and review data for national security purposes without notifying the data subject in advance.

 

How will the Privacy Shield ruling affect my UK business?

Firstly, don’t panic. There are steps you can take right now.

If you transfer data to the US using Privacy Shield, then you need to stop. We’re reaching out to our clients and talking through the implications with them. We’re affected ourselves (we’ve relied on Privacy Shield for the cascade of our newsletter), so you can be sure that we’re determined to find alternatives.

We recommend that all businesses conduct a review to understand whether you – or any of your third parties with whom you share personal data – transfer information to the US. Check to see if you or a third party use standard contractual clauses (SCCs) or binding corporate rules (BCRs) as these have also come under scrutiny. Although they have been deemed to be valid, additional measures are required if you continue to use them.

Also think about the cookies you have on your website/s. Using a free tool such as Cookiebot will help you find out if you are compliant and understand where data is being transferred to.

 

Next steps

In terms of good news – we’re all in this together. Thousands of organisations across Europe are impacted by this change. We’re watching and waiting for more guidance from the European Data Protection Board and the ICO. We’re also following up with larger organisations who have relied on Privacy Shield to understand what their response will be…watch this space! In the meantime, there are some other transfer methods that can be used under Article 49 (geek alert!), but this is for occasional transfer of information or if there is consent in place for transfer.

If you’d like to find out more, visit the ICO website.

If you want to talk to us about any concerns, please get in touch.

282 Views
Share :

MD for Risk Evolves, Helen has worked in the IT industry since 1986. Helen is a leader in the areas of risk management and operational improvement, and works with companies in senior governance, risk and compliance roles. She is a member of the British Standards Institute and is a member of the BSI Committee creating a new guidance standard to assist organisations on how to become cyber resilient. Helen and the team at Risk Evolves work with organisations to improve their resilience through stronger process implementation and better communication and education of staff.

Related Post
  • 8 February 2024

Trello Data Leak: Millions Affected! Protect Yourself Now

  • 1 February 2024

Cybersecurity’s Secret Weapon? Mums! My Unexpected Career Change

  • 30 January 2024

Certify Safe, Not Sorry: Avoid Cyber Essentials Certification

  • 11 January 2024

Automotive Cyber Threat: Is the supply chain over

  • 21 September 2023

Enhancing Cyber Security with MyNCSC Toolbox

Leave a Reply