Managing the Safe Harbor Ruling

The Current Status

On 6 October 2015, the Court of Justice of the European Union (CJEU) invalidated the fifteen year old Safe Harbor agreement, which previously enabled companies to self-certify their transfer of European Union (EU) country residents’ personal information—both customer and employee—to servers located in the United States (US) in a compliant manner with the EU’s Directive on Data Protection.

This recent ruling made by the CJEU now allows data protection authorities in individual EU countries to suspend transfers of EU data to the US if organizations do not provide sufficient protections that meet their new requirements, which for many US companies will involve revising their current practices. Companies who handle personal information of EU residents will need to reevaluate how they can ensure compliance of transferring this data without breaking the law.

Read our blog to learn more about the CJEU’s decision.

Read on to learn more about the five key actions legal, compliance and privacy executives are taking to respond to this ruling, along with templates and checklists to help you along the way.