Written By Syan Bateman

Currently, US-companies, and companies with storage or services in the US, can only handle the data of UK and EU citizens on a case-by-case basis.

This is because the old Privacy Shield agreement, which once covered such personal data transfers between the US and EU, was found non-compliant with the stringent requirements of the EU and UK GDPRs. 

However, there is now a new framework in place to help international companies – the Trans-Atlantic Data Privacy Framework. 

The new framework has a few key points:

• US intelligence agencies can only access EU citizen’s personal data if it is ‘necessary and proportionate to protect national security’.
• US intelligence agencies must adopt new procedures to ensure effective oversight of privacy.
• EU citizens will have a system to make privacy complaints to a Data Protection Review Court who will be independent of the US government.

Whilst this seems like a lot of things to keep in mind, it’s still very much in formation! Despite companies waiting two years for a replacement to the Privacy Shield, you may have to hold on a little longer. Even then, there are concerns that the new framework will end up overturned just as rapidly as the old Privacy Shield.

However, if you want to engage in data transfers now, you don’t need to wait another two years for the new framework. Currently, you can work through an International Data Transfer Agreement (IDTA) to make a restricted transfer (replacing the previous Standard Contractual Clauses (SCC)).

If you require any help or advice with ensuring data compliance with the UK GDPR, please in contact with us at info@bivika.com.