When the European Court of Justice invalidated the Safe Harbor Framework, companies were left scrambling to determine how best to conduct day-to-day business involving data transfers between the EU and the U.S.
To remind us of our options, the European Commission released a communication setting out the alternative grounds upon which personal data may still be transferred outside of the EU in compliance with the EU Data Directive. None of this information is new and none of these alternatives will be an easy fix, but the communication serves as a noteworthy reminder. We’ve covered them in detail in our recent client alert.
As of today, the French Data Protection Authority and the Poland’s Generalny Inspektor Ochrony Danych Osobowych (GIODO) have also weighed in, attempting to help us all in the interim as the details are sorted out.
We can expect a series of communications as the various data protection authorities across the EU issue their own guidance. Bottom line: companies need to understand what data they maintain and transfer so they can develop an approach that allows them to handle any data being transferred internationally within the current fast-moving environment.