On 6 October 2015, the Court of Justice of the European Union (CJEU) invalidated the fifteen year old Safe Harbor agreement, which previously enabled companies to self-certify their transfer of European Union (EU) country residents’ personal information—both customer and employee—to servers located in the United States (US) in a compliant manner with the EU’s Directive on Data Protection.
This recent ruling made by the CJEU now allows data protection authorities in individual EU countries to suspend transfers of EU data to the US if organizations do not provide sufficient protections that meet their new requirements, which for many US companies will involve revising their current practices. Companies who handle personal information of EU residents will need to reevaluate how they can ensure compliance of transferring this data without breaking the law.
Read our blog to learn more about the CJEU’s decision.