The Privacy Shield, the mechanism which permits personal data transfers between the EU and the US, has passed its second annual review by the EU Commission on the 19th December 2018. In so doing, the Commission decided that the U.S. continues to provide an adequate level of protection of personal data, enabling the transfer of personal data from the EU to the U.S. The Commission's report highlights that it is still closely monitoring the adequacy of U.S data protection and indicates particular areas it continues to closely evaluate to determine adequacy. In particular, the report sets a deadline for the appointment of the as yet unfilled position of Privacy Shield Ombudsperson. If the vacancy has still not filled by the 28th February 2019, the Commission will "consider taking appropriate measures" in accordance with the GDPR. The previous mechanism for transatlantic data transfer, Safe Harbor, was declared invalid by court decision in 2015.
- Checklist Checklist: Complying with cookie requirements under the PECR and the GDPR (UK) Recently updated
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK) Recently updated
- Checklist Checklist: Data subject access rights under the GDPR (UK) Recently updated