Following our blog last week, the new Safe Harbour 2.0 agreement (called the EU-US Privacy Shield)
has now come into effect. This comes into force immediately but US companies won’t be able to certify until 1 August (i.e. sign up with the US Commerce Department to state that they comply with the requirements of the Privacy Shield and so allow EU companies to transfer personal data to them under this safeguard). After this date EU companies can rely on this agreement as an ‘adequate safeguard’ to transfer data to companies in the US who have self certified.
However, as set out in our previous blog, there may be turbulent times ahead, as the adequacy of Safe Harbour 2.0 may be called into question. So if you rely on the other ‘adequate safeguards’ which allow data to be transferred outside the EEA, such as the binding corporate rules, model contract clauses or other contractual arrangements, it may be best to continue to rely on such measures.
For more information about Safe harbour and the uncertainty over its future read our previous blog here: https://www.law-point.co.uk/blog/sittin-dock-bay/.