In July 2020, the European Court of Justice decided on the long-awaited Schrems II case. With the decision, you and your company are potentially in danger of breaching the GDPR with bad publicity and fines as a consequence.
The case is slightly complicated, but contains some important conclusions that you should be aware of, since the ruling of the EU Court of Justice means that the EU-US Privacy Shield has been overruled.
Privacy Shield was in a lot of cases the transfer basis which legalised the transfer of personal data to the United States. However, the decision also entails considerable uncertainty about the other transfer bases and seriously questions the possibility of transferring personal data out of the EU. The verdict – it means something for you too!
If you can recognise any of the following scenarios:
- We are a European company using an IT provider hosting our data outside the EU
- The IT supplier we use is registered outside the EU and our data is EITHER in the EU or outside
then you should check your GDPR-compliance, as you are at risk of violating the rules.
So what do I do?
It is still unknown how the various IT suppliers will solve these challenges – but fortunately at etrack1 we have it under control. We are a company registered in Denmark, that stores and processes all data in Denmark.
Please contact us today for a chat about the consequences of Schrems II and how we can help secure your business against potential breaches, while at the same time getting an even better and more secure solution for customer enquiries, customer travel, remediation and much more.
Maximillian Schrems. An Austrian lawyer and probably the biggest fighter for the protection of personal data filed a lawsuit against Facebook on the grounds that they had not protected his information from being handed over to the U.S. Intelligence Services and won.
In his victory, Schrems overruled the previous transfer base, the Safe Habour scheme. Therefore, the replacement Privacy Shield was implemented with even stricter requirements for the transfer of personal data. This very Privacy Shield has now suffered the same fate as Safe Habour.