On July 12, 2016, the European Commission approved the EU-U.S. Privacy Shield, which replaces the invalidated Safe Harbor Decision that had established a legal framework for personal data transfers for business purposes between the European Union and the United States.
The new system allows European companies to transfer data to U.S. companies adhered to the data protection principles established by the U.S. Department of Commerce, which are equivalent to those established by the European regulation.
From August 1, 2016, U.S. companies can adhere to this self-certification system. The list of companies that are part of the Privacy Shield is available in this link.
International data transfers to these companies, within the framework of their adhesion, will not require the Spanish Data Protection Agency’s authorization, but the Agency must be notified of the transfers. For this purpose, the Agency has enabled the “US – Privacy Shield” option in the international data transfers section of the data file notification official form (under Spanish law, before processing personal data, data controllers must register the personal data files with the General Data Protection Registry).