The European Data Protection Board (EDPB) has issued guidance to help companies transfer data to the United States and other third countries safely after Europe’s top court in July ruled key methods used up until then were either invalid or unsafe.
The Court of Justice of the European Union, in addition to scrapping the EU-U.S. Privacy Shield, determined two other principal mechanisms for data transfers—standard contractual clauses (SCCs) and binding corporate rules (BCRs)—remain valid but warned neither offer 100 percent legal protection. As such, in the four months since the judgment, companies have been anxious that they may be in breach of the General Data Protection Regulation (GDPR) by continuing to transfer data across the Atlantic.
