What’s the issue?

Anyone dealing with personal data travelling from the EU to the USA cannot fail to be aware of the fallout since the CJEU declared the Safe Harbor scheme (one of the recognised data export mechanisms) to be invalid. The European Commission has moved relatively quickly to replace Safe Harbor, giving adequacy to the new self-certification scheme, the EU-US Privacy Shield, in July 2016.

The US Department of Commerce has been accepting applications for self-certification under the Privacy Shield since 1 August 2016, and has published information to help organisations through the application and compliance process.

What does this mean for you?

If you are headquartered in the US, or are part of a group of companies which includes a US-based company accessing, receiving or processing personal data (including HR data) from the EU (but not yet the wider EEA), you may want to consider signing up to the Privacy Shield as a data export solution.

For more about applying for self-certification and tips on how to comply successfully with the Privacy Shield, read our article.