We have previously blogged on the Privacy Shield and the changes to international data transfers. We now have guidance from the Information Commissioner’s Office on what an organisation needs to do when undertaking personal data transfers to countries outside of the EU and where that country has not been declared to provide adequate protection by the EU. The ICO confirms that the Privacy Shield has been declared to provide adequate protection for international transfer by the European Commission and also that organisations can still rely on the model contractual clauses and binding corporate rules. However, the guidance does state that there are ongoing court cases which may impact on the Privacy Shield and also the Article 29 Working Party who scrutinize EU data protection laws have stated that they will review the Privacy Shield in a year’s time. So there still may be more changes to come. We will keep you updated and the ICO has promised further guidance before the end of the year.
The ICO guidance is available here.
If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at email@example.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.