Recently, German data protection authorities issued a position paper to address potential consequences of the Court of Justice of the European Union’s (CJEU) Schrems ruling on the handling of personal data. The first section of the paper summarizes the ruling, noting that the court found the Safe Harbor decision overly restrictive of the “supervisory powers of the European data protection supervisory authorities and does not follow the requirements of the provisions that empower the Commission to decide on the level of protection of a third country.” The remaining four sections of the paper consider the following: (i) the European Commission’s options to either adopt a new decision which declares U.S. law provides an adequate level of protection, or to push for an international treaty to include a data protection agreement with the U.S.; (ii) the legal basis for the transfer of personal data; (iii) private bodies’ use of standard contractual clauses, concluding that private bodies must “consider terminating the underlying standard contract with the data importer in the U.S. or suspending data transfers”; and (iv) enforcement concerning private bodies, noting that authorities will examine “whether orders against private bodies must be issued and on which basis data transfers to the United States must be suspended or banned.”