European Commission Publishes Final Version of Standard Contractual Clauses, Imposes Obligations on Data Controllers and Processors

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses (“SCC”) for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”).  The Commission also released the final version of the new SCCs. (LINK) The new version of the SCCs is in part a response to the decision in the Schrems II case, which raised questions about whether they provide necessary protections for the trans-Atlantic transfer of data. The European Commission’s release in November 2020 of draft versions of the implementing decision and the SCCs was discussed previously in this blog. The guidance makes clear that…

READ MORE

European Commission Publishes Draft Decision Finding UK Law Provides Adequate Protections for EU Data

On February 19, 2021, the European Commission published a draft decision finding that UK law provides an adequate level of protection for EU residents’ data. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction. They also will not need to implement data transfer mechanisms, such as the EU Standard Contractual Clauses, to comply with the requirements of the GDPR. The draft decision comes after a year of review by the European Commission, which concluded that the UK’s legal and regulatory data protection regime meets EU data protection adequacy requirements. It also provides for…

READ MORE

EU-U.S. Privacy Shield Review Report Outlines Steps To Improve Enforcement and Monitor Compliance

The Privacy Shield – a mechanism by which U.S. companies can legally transfer data to the European Union, continues to draw the attention of regulators and policymakers. On December 19, 2018, the European Commission (the Commission) announced the publication of its report on the second annual review of the EU-U.S. Privacy Shield. The report offers companies insight into what aspects of the Privacy Shield officials find most important and what steps are planned to strengthen enforcement and oversee compliance. Background The EU-U.S. Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Companies must self-certify that they meet the requirements of…

READ MORE

Not Just for Large Multinationals: U.K. Information Commissioner’s Office and Article 29 Working Party Issue GDPR Guidance for Small Businesses

Smaller companies take note – the U.K. Information Commissioner’s Office (ICO) and the Article 29 Working Party have highlighted that all companies must comply with the General Data Protection Regulation (GDPR) regardless of size, and recently issued special guidance for smaller businesses. The GDPR, a law that places new obligations on organizations that collect and process data about European residents, comes into effect May 25, 2018. In a recently published set of FAQs, the ICO addresses key issues raised by the GDPR in the context of small businesses, including criteria for imposition of monetary sanctions; security; determining whether your organization is a processor or controller under the terms…

READ MORE

Achieved Compliance Approved for Participation in Privacy Shield: Program Essential to Any Company Moving Data from the EU to the U.S.

Achieved Compliance is pleased to announce that it has been approved to participate in the EU-U.S. “Privacy Shield” program. The Privacy Shield provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. The Privacy Shield updates the Safe Harbor regime that had supported data flows between the jurisdictions since 2000. As a participant in the Privacy Shield, Achieved Compliance meets all EU legal requirements for protection of data about EU citizens. Companies that use Achieved Compliance software and services can rest assured that we are committed to protecting data…

READ MORE