AGG Data Privacy chair Kevin Coy authored an article published by Corporate Compliance Insights providing updates on the regulatory framework related to the transfer of personal data between the United States and the European Union and the U.K., as well as sharing upcoming deadlines for businesses to consider.
Data transfer from the EU to the U.S. and other countries without adequacy decisions are subject to enhanced diligence by data exporters in Europe and scrutiny by the European supervisory authorities.
“At the same time, the United Kingdom has adopted its own approach to standard contractual clauses and is considering amendments to the UK GDPR, which if adopted, would diverge from the EU GDPR,” Kevin explained. “The EU and the U.S. also continue to move forward with efforts to address the concerns raised by Schrems II court and stand up a new transatlantic data privacy framework to replace the Privacy Shield Framework that effectively was invalidated by the CJEU decision.”
To help businesses understand and comply with the evolving and complex regulatory framework for data transfers between the U.S., EU, and U.K., Kevin offered an in-depth review of key components, including new EU standard contractual clauses, the need for transfer impact assessments and new U.K. standard contractual clause options. He also provided updates and deadlines to consider related to new legislation, including potential U.K. data protection reform and a new EU-U.S. data transfer framework.
To read the full article, please click here.