The Court of Justice of the European Union has invalidated the EU-U.S. Privacy Shield Framework, which more than 5,300 U.S. organizations had relied on to lawfully transfer personal data from the EU to the United States.
On July 16, the European Court of Justice—the “supreme court” of the EU—issued a surprise decision that for the second time in five years completely invalidates the special EU-to-U.S. personal “data export” mechanism, now called the “Privacy Shield.”
Want a certificate for all your hard work on GDPR? Later this year, “certification” will come into effect as a way for both data controllers and processors subject to UK data protection laws to demonstrate compliance with the GDPR.
As we sip champagne reflecting on the first anniversary of the effective date of the European General Data Protection Regulation, we consider the obligations, and four key compliance steps, that employers should bear in mind.
U.S. multinational employers and their EU subsidiaries have little time to spare before starting to address compliance with the EU's General Data Protection Regulation.
The EU's General Data Protection Regulation, while designed primarily to update current law to address the digital economy, will impact every aspect of the employment relationship, including the processing of payroll for all employees located in the EU.
Since the European Court of Justice declared invalid the Safe Harbor agreement between the U.S. Dept. of Commerce and the European Commission for the transfer of personal data, hundreds of U.S. multinationals have been struggling to find an alternative.
