Will this remedy the issue of Safe Harbour being ruled invalid?
Following the 2015 ruling that Safe Harbour was invalid, the Privacy Shield agreement has now been adopted in an attempt to remedy this issue. It is intended to provide a strong legal basis for companies to transfer data between the US and the EU.
However, it has been met with much criticism. It has been argued that it fails to adequately protect the personal data of EU citizens, so a legal challenge is likely to promptly follow its introduction.
As a result of this uncertainty, few companies have indicated their interest to sign up to the Privacy Shield.
When will it come into force?
It immediately came into force on 12 July in the EU. It is expected that US companies will be able to certify with the Department of Commerce from 1 August.
Will Brexit have an impact?
As with other EU agreements, it is not clear whether the Privacy Shield will remain in force in the UK. However, the UK Information Commissioner has made it clear that he expects standards equivalent to the General Data Protection Regulation (GDPR) to be applied in the UK post-Brexit to enable businesses to transfer their data between the UK and the EU in the ordinary course of business. Brexit is, therefore, unlikely to make a material difference to how employers plan for the GDPR and it, therefore, follows that the UK will adopt a similar arrangement to the EU when it comes to the transfer of data with the US.
Are you communicating this to employees and other stakeholders?
It is vital that employees are made aware of the changes and how it will affect them, and similarly to other stakeholders to demonstrate that you have a plan in place to review and update your data handling processes and policies to ensure compliance.
We can assist you with the creative, implementation and review of communications needed, in addition to refreshing your current policies and guidance notes.
Please get in touch if you would like an initial discussion about your communication needs.