n extraordinary amount of businesses in this country, particularly businesses which capture personal data via websites, transfer EU citizens’ data to US companies.
Up to now providing that the GDPR requirements have been met and information properly stated on a privacy notice, that has caused little practical problem because of the EU-US Privacy Shield.
However the European Commission now intend to suspend the EU-US Privacy Shield by 1 September 2018 unless the US government can comply with GDPR requirements. At present the EU-US Privacy Shield framework ensures an adequate legal of data protection for GDPR compliance. There is useful information on how it operates on the ICO website at https://ico.org.uk/media/for-organisations/documents/1566/international_transfers_legal_guidance.pdf.
The concerns include the fact that Facebook concedes that the data of 2.7m EU citizens was misused by Cambridge Analytica. The European Data Protection Board have also raised concerns relating to bulk personal data collection by US authorities ease of enforcing EU citizens’ rights amongst other matters.
Nothing immediately needs to be done but this should be kept under careful review and you may soon need to make an advance plan on how you will deal with transferring personal data or sharing personal data with the US based company.
For further information please contact Holly Dobson at [email protected] or on 0114 224 2121
