Cordery

Legal.Compliance.

SCCE Compliance Perspectives Podcast – André Bywater on the EU-US Data Privacy Framework

What’s this all about?

The much-awaited EU-US Data Privacy Framework (“the DPF”) finally arrived earlier in the summer.

Following the European Court of Justice’s ruling over three years ago that the EU-US Privacy Shield data transfer system was invalid the EU and the US have been working to find a replacement system. The result is the DPF scheme, which is now up and running, the upshot being that personal data can be freely and safely transferred from the EU to the US (where a US entity has signed up to the scheme).

A podcast about the DPF can be found here https://www.complianceandethics.org/andre-bywater-on-the-eu-us-data-privacy-framework-podcast/.

In this SCCE podcast, André Bywater, partner at Cordery Compliance addresses the following questions concerning the DPF:

  • What’s new with the DPF?
  • Can personal data now simply be transferred from the EU to the US without doing anything else?
  • Are there any potential failure points to be on the lookout for, i.e. what are the easy mistakes organizations could make that would leave them out of compliance?
  • The UK is outside of the EU, so, how does this affect data transfers involving the UK?
  • The big question is: will this stand?  Max Schrems pressed the case which defeated the Privacy Shield regime (and the Safe Harbour scheme before that). Will he be doing the same thing again?

What does this mean for compliance teams in a nutshell?

Consideration needs to be given to:

  • Determining whether personal data is transferred from the EU to the US; and,
  • If so, whether that would best be done through the DPF, which would require a US entity to sign up to the scheme along with all the paperwork that comes with that.

If a US entity does sign up to the DPF then consideration would also need to be given as to what to do about any existing arrangements under which personal data is being transferred such as Standard Contractual Clauses (and their related Transfer Impact Assessments).

For more about the DPF see the Cordery DPF FAQs here:  https://www.corderycompliance.com/eu-us-dpf-0723-5/, and also see the Cordery film here: https://www.corderycompliance.com/dpa-0823-03/.

For more information please contact André Bywater a commercial lawyer with Cordery in London where his focus is on compliance issues.

André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 347 2365
Andre.bywater@corderycompliance.com
 

 

Contact a Cordery Specialist +44(0)207 118 2700 | Contact Us

Cordery is a trading name of Cordery Compliance Limited. Authorised and regulated by the Solicitors Regulation Authority.
SRA number 608187. Company number 07931532 registered in England and Wales. VAT number: 730859520
Registered office: Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom

Cordery Compliance Limited trading as Cordery provides some products and services which are not regulated by the Solicitors Regulation Authority; we will clearly state this to you if this is the case.

We use the word “partner” to refer to a shareowner or director of the company, or an employee or consultant who is a lawyer with equivalent standing and qualifications.

Cordery is a registered trademark of RELX (UK) Limited, used under license. The Knowledge Burst logo is a registered trademark of Reed Elsevier Properties Inc., used under license.

Copyright © 2021 Cordery. All rights reserved.