On July 16, 2020, the Court of Justice for the European Union (EUCJ) invalidated the Privacy Shield as a measure for transferring personal data between the EU and the US. This blog post details some of the measures we have taken in response to that judgement.
Our Data Protection Addendum, which was incorporated into our Master Services Agreement in 2018, was drafted to rely on both the Privacy Shield framework and in the alternative, the EU approved Standard Contractual Clauses.
In light of the Schrems ruling we have decided to withdraw from the Privacy Shield and have amended our contractual documentation accordingly. Our customers can continue to rely on the Standard Contractual Clauses to lawfully transfer personal data from the EU/EEA to non-EU/EEA countries, including the U.S.
We are closely monitoring developments in relation to a revised Privacy Shield framework as well as the European Commission’s progress towards updated SCCs, and we will provide updates in due course.
In the meantime, if you have any questions about OnceHub’s response to the Schrems II decision, then please contact our Privacy Office via our contact page.
As CIO, Steve heads our information department and oversees all aspects of privacy, security, and data management. He has over three decades experience as a solicitor, an IT systems designer, and as a risk and data privacy professional in the legal and insurance sectors. Steve is a qualified solicitor, and is CRISC and IAPP/E certified. In his spare time he enjoys cycling, cooking, and fine South African wines!