New request from Spanish Data Protection Agency on the invalidity of Safe Harbor On 29 October 2015, the Spanish Data Protection Agency (SDPA), as a consequence of the CJEU ruling on 6 October 2015 which invalidated Safe Harbor, issued a formal letter to those companies registered before the SDPA which were carrying out international data transfers to US-Safe Harbor certified recipients, requesting them to comply with Organic Law 15/1999 on Data Protection and align said transfers to the legal requirements established for international transfers to non-safe countries. Companies had a deadline until January 29th to communicate to the SDPA whether they intended to continue said transfers and if so, to indicate the implementation measures in place to comply with the law. In March 2016, the SDPA made a new request to those companies which have not issued any communication and are still carrying out international data transfers to the US based on the Safe Harbor certification. These companies have to respond to such request within one month indicating the measures that have been put in place to comply with the legal requirements. For more information, please contact Raul Rubio, Patricia Perez, Rosario Alvarez, Ignacio Vela, Alvaro Ubeda or Cristina Monereo.