Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.

Since the fall of Safe Harbor, Privacy Shield has governed how personal data can be transferred from Europe into the US. However, with the UK’s exit from the European Union (EU) looming, organizations need to look at how data is transferred from the UK to the US – whether internally among a company’s different locations or externally to different partners – as well as the notion of using the UK as a base for EU operations.

While the political situation around Brexit is in a near-constant state of flux, companies on both sides of the Atlantic should be aware that they will likely need to take action to ensure compliant data transfers no matter how the UK leaves the EU.

Data transfers under Privacy Shield

Currently all personal data moving from the UK to the US is governed under the Privacy Shield framework agreed to by the EU and the US. In place since February 2016, Privacy Shield is designed to ensure the free flow of personal data between the EU and US while at the same time obligating US companies to comply with the EU’s data protection requirements around the personal data of EU citizens.

These requirements come in the form of Privacy Shield Principles such as notice, choice, accountability for onward transfer, data integrity and purpose limitation. The framework also requires processes for dealing with complaints, employee training, and disciplinary actions. The framework is self-certified and must be renewed annually. The Privacy Shield site maintains a list of certified companies.
