Blue Marble Blog
EU Commission Invalidates Privacy Shield
On July 16, 2020, the European Court of Justice ruled on a case known as Schrems II, related to personal data transfers between the EU and US. This case stated that the US could not ensure adequate protection of EU data transfers using Privacy Shield. As Privacy Shield is one of the most widely used data protection mechanisms, this will have a huge impact on global payroll.
The EU Court of Justice also ruled that the Standard Contractual Clauses (SCC) is now the validated mechanism to transfer data between the EU and the US, stating that SCCs are a better, more compliant way to transfer personal data required by laws in the EU. But before companies can begin using SCCs, the controller of the data and the recipient of the data must ensure the level of protection required by EU law before transferring the data. So, what to do now?
If you are currently using Privacy Shield to transfer data between the EU and US, your processes are no longer going to be compliant under the new ruling. Your global payroll team should immediately begin to assess the current process flow, identify if data is being transferred between the EU and US, if the recipient of the data is protecting the data following the new regulations, and if other measures should be adopted such as encryption. All of these considerations and determinations should be formally documented.
As with many new regulations, the EU Commission is still working on details and providing more clarity as to how this new process will be verified and enforced. There will be many requirements and obligations to protect data being transferred from the EU. Blue Marble is ready for these new changes and providing compliant SCC processes for protecting data transfers from the EU. If you need help getting your payroll in compliance, talk to our team. We have technology and service to keep your payroll running seamlessly and in compliance.
On July 16, 2020, the European Court of Justice ruled on a case known as Schrems II, related to personal data transfers between the EU and US. This case stated that the US could not ensure adequate protection of EU data transfers using Privacy Shield. As Privacy Shield is one of the most widely used data protection mechanisms, this will have a huge impact on global payroll.
The EU Court of Justice also ruled that the Standard Contractual Clauses (SCC) is now the validated mechanism to transfer data between the EU and the US, stating that SCCs are a better, more compliant way to transfer personal data required by laws in the EU. But before companies can begin using SCCs, the controller of the data and the recipient of the data must ensure the level of protection required by EU law before transferring the data. So, what to do now?
If you are currently using Privacy Shield to transfer data between the EU and US, your processes are no longer going to be compliant under the new ruling. Your global payroll team should immediately begin to assess the current process flow, identify if data is being transferred between the EU and US, if the recipient of the data is protecting the data following the new regulations, and if other measures should be adopted such as encryption. All of these considerations and determinations should be formally documented.
As with many new regulations, the EU Commission is still working on details and providing more clarity as to how this new process will be verified and enforced. There will be many requirements and obligations to protect data being transferred from the EU. Blue Marble is ready for these new changes and providing compliant SCC processes for protecting data transfers from the EU. If you need help getting your payroll in compliance, talk to our team. We have technology and service to keep your payroll running seamlessly and in compliance.