The end of the Privacy Shield

... is causing widespread aftershocks for international personal data transfers to the US…and elsewhere!

The ruling by the European Court of Justice (CJEU) last week on the Schrems II case is already causing widespread shudders - not only for those involved in transferring personal data to the US, but also to those allowing personal data to be accessed in other countries outside the European Economic Area (EEA) – whether this arises from international group company use, or even non-international organisations which are using service providers (such as Cloud Service Providers for IT or data services) in non-EEA countries.

For health and care organisations and their information governance leads, the kinds of data that may be affected could be data about individual patients and their treatment, clinical trial data and information about staff, research colleagues and physicians. Organisations have become so used to working digitally that they may not even fully appreciate when international data transfers are taking place.

To find out why the CJEU has now ruled the Privacy Shield is invalid and what organisations can expect going forward, you can read our International & UK Head of IT Law, Jagvinder Singh Kang's article here and join our webinar on Thursday 30 July 2020 where he will be discussing the practical implications of the ruling further.