Share

2 min read

Writen by Adam

Posted on: January 15, 2021

Are you sharing data outside of the EU ? Read this

The rules relating to sharing data with any company outside the EU  have recently changed and the previously accepted standard contract clauses are no longer considered adequate. If you share data with any company outside the EU,  you need to ensure that you have completed a risk assessment as well as checking that your contract meets the standard clauses.

The EU Data Protection Board (EDPB) has issued ‘an FAQ’ on the invalidation of the Privacy Shield and the implications for Standard Contractual Clauses (SCCs). This guidance still applies to UK controllers and processors.

It is important to recognise that there is no grace period for companies to act and third-country transfers are currently illegal.

There is no guidance on how companies should ensure that data transferred is now safe and no information to help companies complete a risk assessment. So, until more guidance is provided, we are suggesting the following approach:

  1. List all third country transfers you currently have in place.
  • Document the data, nature of processing, and third-party details so you understand exactly what data is involved.
  • Ensure you have SCC’s in place with all third parties – in many cases these will be covered in the company’s terms and conditions.
  • Contact all third parties to ask for copies of any risk assessments they have completed. Don’t be too disappointed if you do not receive any as many companies are unaware.
  • Complete a Supplier Data Security Checklist for each company you share data with outside of the EU , focussing on the smaller companies. You can ignore Facebook, Google, Microsoft at this point
  • Review Facebook, Google, and Apple responses to this and keep a record of any updates.
  • Use this analysis to decide whether to stop transferring data to any company that fails your risk assessment.

This is a complex area, but we can help. We have produced a standard risk assessment template you can use and will keep you updated.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

Exciting news: Consultancy Panel is Live now

Hi all,

Hope that you are having a wonderful week. We would like to give you some exci

Data Protection Reforms in UK

This year in May, the United Kingdom Government announced the intention to introduce a reform b

What are the Leading Causes for Individual GDPR Fines?

At least 65 private individuals have received fines for GDPR violations in the EU since 2018. Th

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us
anytime.

Contact Us
06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.