A privacy watchdog from the European Union has warned, companies who are typically transfer data to the United States must revert to new arrangements with immediate effect.
The development comes in the wake of the Privacy Shield transatlantic pact being declared invalid last week.
The lack of a grace period in the court’s ruling means companies will have to use alternatives that carry greater risk and thus perhaps it would be prudent if they store and administer their data outside the United States.
Last week, Europe’s highest court cited concerns about U.S. surveillance for its ruling, disrupting thousands of companies that had depended on the four-year-old Privacy Shield to transfer Europeans’ personal data for payroll, finance and other uses.
According to the European Data Protection Board (EDPB), companies that transfer data to the United States via standard contractual clauses would have to self-assess whether these have suitable safeguards and inform their national privacy enforcer.
Companies which use binding corporate rules would have to do the same.
Along with the European Commission, the EDPB is now looking into ways to beef up standard contractual clauses and binding corporate rules that could be legal, technical or organisational.